Not too long ago, companies used to keep their records in paper ledgers and communicate via snail mail and phone calls. The only way you’d get “hacked” is if someone physically plucked files from your records room.
Things are very different now.
Nowadays, every business works with data in one form or another. Everyone has email. Customer information is kept on computers. Product blueprints and designs are kept on servers. This is all important company information, and it’s all at risk.
“In the world of hyper-connectivity your data is exposed over the Internet in all kinds of ways,” says Adam Evans, Director of Product Management for BlackBerry.
If your company’s data is accessed by the wrong kind of people, you or your customers could lose big. Just ask Starbucks, whose customers lost thousands of dollars to hacked Starbucks mobile app user accounts.
In addition to sensible IT policies, data encryption can be an effective way to protect against unauthorized access while still making it available for its intended purpose.
What is data encryption?
Encryption converts any sort of data into a form that cannot be understood by unauthorized users. The only way you can read or access this data is by possessing the key or password that decrypts it and converts it into its original form. There are many commercially-available programs that encrypt and decrypt data on your behalf, as long as you possess the right permissions.
There’s two general applications for data encryption:
Files and storage. In the past, files were stored almost exclusively on internal servers that were hard for intruders to physically access. Now, however, more and more businesses are hosting their data on the cloud. Sam Bourgi, Senior Analyst for Policy Development and Research at ICTC Canada says, “As they switch over [to the cloud], businesses are handing over a lot of control of their data. That opens them up to a few risks. Most cloud infrastructure is very secure, but there’s always the need for an added element of security and data encryption when you’re handing information over to a third party.”
Email. Email is normally overlooked when considering protection. As a result, it is highly vulnerable. “Email is not generally well-protected,” Adam says. “It runs through any number of servers in the Internet that may not be secured. So if you’re sending any kind of information via email, you should be very cognizant of what you’re sending and how that data gets received.”
Why should I encrypt my data?
As in the Starbucks example, there can be serious consequences to leaving your data unencrypted.
- Identity theft. Hackers and cyber-criminals can use unencrypted customer financial data like credit card numbers, email addresses, and home addresses to commit identity theft and steal your customers’ money. They can even use the information to commit other crimes under a false identity.
- Theft of proprietary information. Corporate espionage involves stealing another company’s sales data, product information and other proprietary information in order to get an advantage. Not even sports teams are immune to this kind of criminal activity.
- Exposure of sensitive documents. Sensitive contracts, documents and emails are all at risk of exposure. Sony experienced this when it fell victim to having its employees’ emails scattered all over the Internet for everyone to read, and many executives wound up being embarrassed and publicly shamed for what they thought were internal conversations.
Encryption helps protect your company and your customers from unscrupulous hackers. Even if they can access your data, they’re going to have to put a lot more effort into unencrypting it, which reduces how much they profit from it.
That’s the key, Adam says. “Security of corporate data is all about risk, about making the data harder to get than it’s worth. There’s a lot of gray area there. If you’ve got a reasonable level of protection on most of your data, then anyone hunting for that kind of data is going to look for an easier target.”
And how do you define what’s “reasonable?” How much should you invest in data encryption?
Encryption Measures and Options
There are various encryption measures and resources you can tap, depending on your needs and the size of your organization.
- File and data encryption. There are a number of affordable programs that allow you to easily encrypt files and hard drives, like VeraCrypt, BitLocker and even WinZip. Blackberry’s Watchdox can restrict access to documents to specific people and watermark them so that, if it’s leaked, you know where the leak came from.
- Communications and network encryption. For larger organizations, companies like McAfee and Sophos provide scalable enterprise-grade encryption products and support to keep your data safe across multiple channels. Blackberry’s BES 12 helps manage and secure mobile communications, and is also available for iOS and Android.
- Cloud providers. Cloud service providers usually supply data encryption as part of a security package. So it’s best to ask for it any time you have the opportunity, or make sure that it’s being implemented.
- Learning resources. The Digital Adoption Compass (DAC) assists micro, small, and medium-size enterprises in gaining the necessary knowledge to adopt digital technologies and expand scale and scope, and has online communities that discuss trends and assist fellow business owners.
Ask an Expert
Encryption is only part of the larger security scheme. You have to make it harder for intruders to access your data from any angle.
“You need to have a solid IT department and have strict IT protocols in place,” says Bourgi.
Consult with an expert and have them assess your needs.
“At the end of the day you’re going to have to understand what industry you’re in and what’s the extent of your data requirements,” Bourgi says. “If you’re in medical or finance, for example, you’re willing to sacrifice some convenience in exchange for security because of the nature of the industry. If you’re not in the industry you might look for a sweet spot that balances convenience and security.”
An experienced IT security provider will be able to give you an optimal combination of protection and price that will give you—and your customers—peace of mind.
Photo Copyright: ShutterPNPhotography