Encryption is the surest way to protect data, so why isn’t everyone doing it?

OryxAlign

Despite the undoubted importance of cybersecurity and sound data management across organisations, best practice remains elusive, argues Jon Fielding, EMEA Managing Director at Apricorn

US president Joe Biden has made an executive order on improving that nation’s cybersecurity, stipulating the need to encrypt data both at rest and in transit. Meanwhile, three in every ten IT leaders this year in our 2021 Global IT Security Survey revealed that their organisation had suffered a data breach that could have potentially been mitigated by encryption.

18% of respondents told us that their company had experienced a breach through lost or misplaced devices; a common occurrence despite peace-of-mind being easily achievable via end-to-end encryption coupled with correct backup and storage strategies.

Another 12% admitted point-blank that the breach at their organisation was down to a lack of encryption. This both highlights and underlines the crucial role encryption has to play in protecting sensitive information.

A knee-jerk response might counter by pointing out that the USA is not the UK. However, our world is one of globalised communications, cyber threats and multinational companies. Like it or not; we’re all connected.

Therefore, while a third of UK organisations now require all corporate data to be encrypted as standard, according to Apricorn’s latest survey of IT leaders, the share simply isn’t high enough as yet to deliver any desirable ‘herd immunity’ against cyberattack.

Step into encryption’s ‘brave new world’

Another 39% admitted that they could not be certain their data is adequately secured for remote working. Thus, better control over data security, both corporate and individual, is very clearly required. Meanwhile, cyber threats and attacks continue to evolve to target an array of vulnerabilities.

Luckily, enterprise data encryption and cryptographic techniques also continue to develop and innovate, keeping just ahead of the hackers. In addition, Federal Information Processing Standards (FIPS) continue to advance.

It has often been assumed that implementing cybersecurity can mean strangling device and application performance – but technological advances have reduced the chances of this issue. Solid state drives (SSDs) available today, for instance, are smaller than a deck of cards yet deliver read/write speeds of 350/310MB/s – nearly twice as fast as their immediate predecessors.

With hardware-based encryption, a device uses its own internal security features to protect information stored on it – no additional software is required that could itself be vulnerable to attack.

A malicious actor typically cannot simply apply a brute-force attack to crack the passcode for access to a hardware-encrypted device because the cryptographic module will stop accepting sequential incorrect attempts and eventually wipe access to the data once a pre-determined threshold is reached, ensuring that data can no longer be accessed by anyone. The long prevalent alternative of software-based encryption is vulnerable to portability challenges, counter resets or potential copying of an encrypted file for a cracking attempt.

Hardware-encrypted devices are becoming the technology of choice for storing and backing up encrypted data, especially while maintaining accessibility for a distributed or mobile workforce.

Removable storage devices with built-in hardware encryption can be assigned to employees – and managers – ensuring all data can be stored or moved around safely offline. Even if the devices are lost or stolen and inserted into another host computer, the information stored therein remains unintelligible to those not authorised to access it.

Back it all up – with policy and education

Many business managers may not have considered the use of a FIPS-certified, software-free hardware-encrypted mobile storage device. Incorporating pinpad authentication and device whitelisting practices – locking down USB ports to all but corporately approved devices.

In our survey, 18% of IT leaders also reported that they don’t understand which of their data sets need to be encrypted; 15% indicated they have no control over where company data goes and where it is stored. Again, this underlines the crucial role of sound policy and solid education to assist workers and management alike to enhance their awareness and practices to counter real-world threats anywhere and any time, even as they emerge.

We would argue, therefore, that not only should hardware encryption be considered, but that encryption of all data at all times should be mandated in policy and enforced at operations level.

The UK Information Commissioner’s Office agrees – noting that Article 32 of the General Data Protection Regulation (GDPR) states that organisations implement encryption where appropriate. Organisations should have an encryption policy in place that governs how and when encryption is implemented and train staff in the use and importance of encryption. Staff and managers alike should be included and their input sought and implemented at all stages of this ongoing process for the best results.

Developing and adopting a policy that covers an entire organisation and mandates the deployment of the right solutions at the endpoint not only allows employees to use their own hardware safely but gives them autonomy, assisting operational agility and defending against the risk of cyberattack. Of course, all policies should be regularly revised and training updated to ensure continued relevance.

With the hybridised workplace infrastructures of today, good cybersecurity practice means considering vulnerabilities associated with staff, partners, and customers wherever the touchpoint, and regardless of whether the endpoints used are corporate laptops and desktops or BYOD.

READ MORE:

Encryption is becoming increasingly important as critical to sound data management, and its use must be ramped up to avoid a rise in breaches in the many organisations seeking to retain the benefits of hybrid home/office working practices. This should happen today – there’s simply no better time.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...