According to a recent survey of ID theft victims by the National Consumers League and Javelin Strategy & Research, your chances of suffering from a data breach today are one in three. This is up from a one in nine chance just four years ago. Not only has the likelihood of a breach increased, but the financial stakes have risen as well. Hacking into computers and grabbing data to sell on the black market has become common practice for cybercriminals, yet one third of the victims have taken no steps to prevent data fraud.
It’s time to get serious about data encryption. You may not be able to prevent data from being stolen, and if you can’t, you’d better make sure it is unusable to fraudsters.
Start with a policy
Your organization needs to decide what data needs to be encrypted and how that encryption will work. Kaspersky Lab suggests asking yourself the following questions:
- Will we encrypt entire disk drives?
- Will we encrypt removable storage devices?
- Will we encrypt certain data files and folders? If so, which ones?
- Will data be unreadable for some users and not others?
When deciding what to encrypt, include all the relevant stakeholders in the process: IT management, operations, finance, etc. These stakeholders will help you understand what data is potentially harmful in the hands of criminals and what needs extra protection.
When you’ve established your policy, put it in writing and communicate it.
Understand the cloud
Storing data in the cloud has become common practice for many organizations. It offers convenient and affordable data storage solutions. However, cloud environments can also introduce complexities you need to consider before creating your encryption strategy. With cloud computing, you no longer control all the physical aspects of your data. In a cloud environment, only the data owner should have access to encryption keys.
Understand your vendors’ encryption process
Third-party vendors have been known to unwittingly give up important data. It’s important to ensure your vendors are properly protecting your data too. Ask vendors about the specific modules they use for encryption and check that their practices meet industry standards as well as your own. While there are international encryption standards in place, companies can take liberties with how they apply the standards. Don’t be afraid to ask the right questions and hold vendors to your standards.
Encryption is for your organization. It’s not just the government and large companies that suffer from breaches. Any organization storing sensitive data should be taking every precaution to protect that data from theft and use by fraudsters. Don’t make it even easier for cybercriminals to use your data once they steal it: encrypt it.