Cyber Security: Should you be encrypting your data?
Data safety is paramount, and encryption may be a significant step in order to keep you safe. So what is it and what should you encrypt? Your business doesn’t deal with highly confidential data, so you don’t need to encrypt your data, right? Wrong. Although ‘data encryption’may sound like something that only happens in institutes that store ultra sensitive data, such as banks and government organisations, there is still very good reason as to why you need it.
What is data encryption?
Data encryption translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it. Encrypted data is commonly referred to as ciphertext, while unencrypted data is called plaintext. Encryption is said to be one of the most popular and effective data security methods used by organisations. Two main types of data encryption exist –symmetric encryption and asymmetric encryption.
- Symmetric encryption: is a method of cryptography where a single key is responsible for encrypting and decrypting data. The involved parties share that key, password, or passphrase, and they can use it to decrypt or encrypt any messages they want.
- Asymmetrical encryption: is also known as public key cryptograph and uses two keys to encrypt a plain text. Secret keys are exchanged over the Internet or a large network. It aims to ensure that malicious persons do not misuse the keys.
Should you encrypt?
The General Data Protection Regulation (GDPR), along with a surge in sophisticated cyber attacks, has emphasised the importance of protecting all data, big and small. Although you may not think of your data as highly confidential, by holding information such as customer details, you are at risk of a hefty fine by breaching that data. As well as legal concerns, from a business reputation point of view, it is best practice to hold data secure. Just one data breach could heavily damage a brand’s reputation.
What needs encrypting?
As work environments contain more and more mobile devices such as tablets and laptops, it is essential that these devices be encrypted. If you were to fall victim to a burglary, would the intruders be able to access the device in question? It may also be useful to encrypt legacy hardware. When the devices are recycled and you need to ensure all data is destroyed; using encryption makes it easier to wipe the drive and make it non-recoverable.
Do you have a data protection strategy?
Before rushing to deploy encryption technology, make sure you have a plan and strategy in place on how you are going to ensure the protection of your data. Once you have a plan in place, this needs to be effectively communicated to all employees, who must also understand their responsibility in keeping data safe. SCC has strong credentials as a solutions provider in the networking and security space. Our cyber security lifecycle helps customers to define their security posture according to the minimum risk their business is keen to take. We do this through a four-stage model: PREDICT, PREVENT, RESPOND, DETECT. <!–Protect your business’s IT assets, be GDPR compliant and secure your data–>