Businesses large or small need to understand the importance of data protection
Sony got an unwanted gift to kick off this year’s holiday season, becoming the victim of a security breach that not only leaked the unreleased Christmas film Annie but also compromised the healthcare and salary data of over 6,800 employees. Sony’s case reflects a more widespread problem, illustrated by the fact that over 41 percent of healthcare organizations aren’t encrypting user endpoints even though a third of their employees sometimes work outside the office, according to Forrester research.
But the problem is probably even greater for small businesses that don’t understand, or have proper resources, to protect their business with data encryption.
Companies such as Apple are responding to this challenge by emphasizing their use of encryption, leading Forrester to predict that encryption and a number of related data and privacy protection measures will become key competitive differentiators in 2015.
A Security Pillar
Encryption, along with tokenization and dynamic authentication, will form one of the pillars in the new security strategy that will soon be rolled out by the Payments Card Industry Data Security Standard, which represents the credit card, financial services, and retail industries, PCI Security Standards Council officials told Sydney audiences in November. The council is considering encryption as a way to ensure that only authorized users can make practical use of data transferred across open, public networks, effectively stripping stolen cards of value for identity thieves.
Merchants have until the end of the year to comply with the current version of the PCI DSS standard. The new standard emphasizes that merchants’ responsibility for protecting data does not end when they outsource it to a third-party provider such as a cloud service. PCI provides merchants with new requirements for use of third parties, as well as documents to facilitate better security controls from cloud service providers.
One important encryption technique enterprises are adopting is encrypting stored data. As the University of Minnesota’s IT department explains, encryption converts data that is in storage or being transmitted into a coded form called ciphertext that is difficult for unauthorized users to decipher. Authorized users who hold the decryption key can then decipher the data as needed. The latest versions of iPhone and Android now come with default encryption. For enterprise-level users, Mozy offers storage with 256-bit AES encryption locked by a corporate key.
Don’t Forget to Delete
Encryption adds a layer of protection to your data in the event that you need to wipe a former employee’s device after their departure, since without a key the information is unreadable. However encryption in itself doesn’t automatically delete data, and someone with a key could conceivably still decipher it. For extra security, be sure to delete any data you don’t want to be recoverable. PCWorld technology writer Chris Hoffman explains how to manage your drives, operating systems, and files in conjunction with your encryption to ensure that deleted data you want disappeared is truly gone. After deletion, Hoffman recommends using a file recovery program to run a deep scan, enabling you to see what a potential attacker might uncover.
One challenge enterprises face when adopting encryption is lost productivity that may result during the implementation phase. To avoid this issue, Computer Weekly recommends a number of best practices. Recommended procedures include designating a point person to be responsible for rolling out implementation, building encryption tools into new and refreshed devices before releasing them to users, and backing up locally-stored data prior to encryption.
More Articles You May Be Interested In:
Latest posts by Roy Rasmussen (see all)
- Running a Business in the Digital Era: A Decade of Changes - May 27, 2015
- 3 Common Small Business Website Mistakes - May 19, 2015
- Use Event Marketing to Promote Small Business Sales - April 14, 2015
- For Better Organic Marketing, Rely on Your Existing Resources - April 7, 2015
- 3 Ways the Cloud Helps Win More Business - March 24, 2015