• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Student360
  • About
    • Secure360
    • UMSA
  • Secure360 2022
  • For Sponsors
  • For Speakers
  • Get Involved
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

Data encryption best practices

August 3, 2014 by Secure360 and UMSA

Date-EncryptionAccording to a recent survey of ID theft victims by the National Consumer League and Javelin Strategy & Research, your chances of suffering from a data breach today are one in three. This is up from a one in nine chance just four years ago. Not only has the likelihood of a breach increased, but the financial stakes have risen as well. Hacking into computers and grabbing data to sell on the black market has become common practice for cyber criminals, yet one third of the victims have taken no steps to prevent data fraud.

It’s time to get serious about data encryption. You may not be able to prevent data from being stolen, and if you can’t you’d better protect it against being usable to fraudsters.

Start with a policy

Your organization needs to decide what data needs to be encrypted and how that encryption will work. Kaspersky labs suggests asking yourself the following questions:

  • Will we encrypt entire disk drives?
  • Will we encrypt removable storage devices?
  • Will we encrypt certain data files and folders, which ones?
  • Will data be unreadable for some users and not others?

When deciding what to encrypt, include all the relevant stakeholders in the process: IT management, operations, finance, etc. These stakeholders will help you understand what data is potentially harmful in the hands of criminals and what needs extra protection.

When you’ve established your policy, put it in writing and communicate about it.

Understand the cloud

Storing data in the cloud has become common practice for many organizations. It offers convenient and affordable data storage solutions. However, cloud environments can also introduce complexities you need to consider before creating your encryption strategy. With cloud computing, you no longer control all the physical aspects of your data. In a cloud environment, only the data owner should have access to encryption keys. 

Understand your vendors’ encryption process

Third-party vendors have been known to unwittingly give up important data. It’s important to ensure your vendors are properly protecting your data too. Ask vendors about the specific modules they use for encryption and check that their practices meet industry standards as well as your own. While there are international encryption standards in place, companies can take liberties with how they apply the standards. Don’t be afraid to ask the right questions and hold vendors to your standards.

Encryption is for your organization. It’s not just the government and large companies that suffer from breaches. Any organization storing sensitive data should be taking every precaution to protect that data from theft and use by fraudsters. Don’t make it even easier for cybercriminals to use your data once they steal it, encrypt it.

Filed Under: Business Continuity Management, Cybersecurity

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Bryghtpath LLC
    Bryghtpath LLC: Bryghtpath CEO @bryanstrawser presented last week at the @Secure360 Conference on "Navigating the Ransomware Challe… https://t.co/iXa3JeRKNN
    about 1 day ago

  2. Scott Sutherland
    Scott Sutherland: For those who missed it, here's a video of the "Building Ransomware Detections" presentation I gave @Secure360 last… https://t.co/DkjNZnCfRw
    about 1 day ago

  3. 🟣Tyler Cohen Wood
    🟣Tyler Cohen Wood: @HaroldSinnott @Secure360 Thank you, @HaroldSinnott!
    about 2 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2022 Secure360. All rights reserved.