Data theft is on the rise. You should make every effort to protect yourself from known threats but also acknowledge that even the most dedicated IT teams cannot stop every threat. Even government departments struggle to keep their data confidential. It’s unlikely that your company has similar levels of staff, technology or funding to NASA or the South Korean military.
When you accept this, it’s not a time to feel fatalistic. It’s time to look at data encryption. You may not be able to stop hackers taking your data, but you can do everything in your power to ensure that data is completely unusable if they do.
What is data encryption?
In simple terms, data encryption works in the same way schoolyard coded messages work but on a vastly more complex scale. If you wrote a message and then translated it using a cipher, the message was completely unintelligible to anyone, unless they had the same cipher. Modern data encryption uses ciphers or keys that are so complex, no computer on earth can be expected to guess the combinations within any useful time frame. As such, any sensitive data from instant messages to financial transactions can be encrypted so no one can read them without the appropriate permissions.
What happens when you don’t encrypt sensitive data?
Here’s a recent example. In the final days of the last United States election, one candidate’s emails were hacked and leaked to the press. There is speculation that this information influenced voters and potentially changed the outcome of that election. The password protections were weak, and the emails were not encrypted.
The Equifax hack is another example of sensitive data being shared due to a failure to encrypt. The personal financial data of over 145 million people was exposed and there is very little anyone can do to recover it. It’s suggested that many people won’t even know they were exposed until their accounts are tampered with by hackers who have purchased the data.
Problems like these could have been avoided. Breaking into secure databases or email servers should not yield these kinds of disastrous results. If the information had been maintained as encrypted data instead of ‘plain text’, these headlines would not exist. It makes even the most experienced and trusted companies look like rookies.
How can data be encrypted?
There’s two different times that data should be protected with encryption. When your data is being stored (on servers or drives, for example), it is considered to be ‘at rest’. Data ‘in transit’ is information that is being sent over email, apps, through instant messaging systems, over websites or to the cloud. Here are some of the more common methods of data encryption:
Encrypted email servers assist regular SMTP email programs to encrypt messages both sent and received.
Encrypted web connections are very common now – notice the green lock image in your browser address bar? You might also see web addresses with ‘https’ instead of ‘http’. Https addresses provide encryption security for any data sent from the website (like credit card details) back to its servers.
End to End (E2E) encryption is commonly offered on instant messaging platforms like Apple iMessage, WhatsApp and Facebook Messenger. This protects the communications from intercept during transmission as well as when it’s with the sender and receiver.
File encryption protects an individual file from being read unless permissions have been granted. This protection extends beyond its originating device.
Full disk encryption (FDE) protects an entire server or disk by encrypting the complete hardware set up. Files are no longer protected when they leave the disk but are protected while in situ.
Some of these processes can be layered. For example, an individually encrypted file could be stored on an FDE drive or sent through an encrypted email server.
Data encryption is complex, and prioritisation is key
There’s no doubt that this is a complex area of IT security. This article won’t cover the types of encryption that can be used, or the methods of key management either. You will need to consult with an experienced team to find out the best methods of encryption and management for your business.
You may like to identify the areas of your business that have the most exposure to risk. If you discuss sensitive business dealings over email, for example, ensure that channel is encrypted as a priority. Over time you may decide to encrypt your entire data storage solution. You may need to act with some urgency if you deal with customer or client financial information, particularly over your company website.
Is there still value in regular cyber security protocol?
Absolutely. Every effort should be made to protect your data from theft or corruption. While encrypting your data protects it from misuse, there is still great value in avoiding its theft in the first instance. Deploying stringent firewall protection and other measures will deter hackers from attempting opportunistic breaches. Encryption protects your data from those actors who will invest time and effort to access your files, no matter what protections you have in place. Data storage and management specialists will be able to advise you on how to provide the most effective layers of security around your data.
Data encryption practices are becoming necessary, even for small to medium businesses. Ultimately, no one can stop a dedicated hacking attempt. It does not have to be catastrophic if the right data protection measures are taken ahead of time. As with all things in IT, identify your most urgent matters and act upon them. Change can be incremental. The last thing you want is to have your confidential data or your lack of security broadcast for all to see.
About Mustard IT, your cyber security partner
Mustard IT provide the design, build, and installation of secure IT servers and networks, and can help you implement data encryption protocols. Our trusted team are experienced and able to explain complex issues to you in a language you’ll understand. Contact us today to find out how we can help you.