How Encryption is Impacting Business Security

Data EncryptionBusinesses large or small need to understand the importance of data protection

Sony got an unwanted gift to kick off this year’s holiday season, becoming the victim of a security breach that not only leaked the unreleased Christmas film Annie but also compromised the healthcare and salary data of over 6,800 employees. Sony’s case reflects a more widespread problem, illustrated by the fact that over 41 percent of healthcare organizations aren’t encrypting user endpoints even though a third of their employees sometimes work outside the office, according to Forrester research.

But the problem is probably even greater for small businesses that don’t understand, or have proper resources, to protect their business with data encryption.

Companies such as Apple are responding to this challenge by emphasizing their use of encryption, leading Forrester to predict that encryption and a number of related data and privacy protection measures will become key competitive differentiators in 2015.



A Security Pillar

Encryption, along with tokenization and dynamic authentication, will form one of the pillars in the new security strategy that will soon be rolled out by the Payments Card Industry Data Security Standard, which represents the credit card, financial services, and retail industries, PCI Security Standards Council officials told Sydney audiences in November. The council is considering encryption as a way to ensure that only authorized users can make practical use of data transferred across open, public networks, effectively stripping stolen cards of value for identity thieves.

Merchants have until the end of the year to comply with the current version of the PCI DSS standard. The new standard emphasizes that merchants’ responsibility for protecting data does not end when they outsource it to a third-party provider such as a cloud service. PCI provides merchants with new requirements for use of third parties, as well as documents to facilitate better security controls from cloud service providers.

Encryption Storage

One important encryption technique enterprises are adopting is encrypting stored data. As the University of Minnesota’s IT department explains, encryption converts data that is in storage or being transmitted into a coded form called ciphertext that is difficult for unauthorized users to decipher. Authorized users who hold the decryption key can then decipher the data as needed. The latest versions of iPhone and Android now come with default encryption. For enterprise-level users, Mozy offers storage with 256-bit AES encryption locked by a corporate key.

Don’t Forget to Delete

Encryption adds a layer of protection to your data in the event that you need to wipe a former employee’s device after their departure, since without a key the information is unreadable. However encryption in itself doesn’t automatically delete data, and someone with a key could conceivably still decipher it. For extra security, be sure to delete any data you don’t want to be recoverable. PCWorld technology writer Chris Hoffman explains how to manage your drives, operating systems, and files in conjunction with your encryption to ensure that deleted data you want disappeared is truly gone. After deletion, Hoffman recommends using a file recovery program to run a deep scan, enabling you to see what a potential attacker might uncover.

Maintaining Productivity

One challenge enterprises face when adopting encryption is lost productivity that may result during the implementation phase. To avoid this issue, Computer Weekly recommends a number of best practices. Recommended procedures include designating a point person to be responsible for rolling out implementation, building encryption tools into new and refreshed devices before releasing them to users, and backing up locally-stored data prior to encryption.




The following two tabs change content below.

Roy Rasmussen

Roy Rasmussen, co-author of "Publishing for Publicity," is a freelance copywriter who helps small businesses get more customers and make more sales. His specialty is helping experts reach their target market with a focused sales message. His most recent projects include books on cloud computing, small business management, sales, and business coaching.