Protecting sensitive data has become a requirement for most organisations around the world as data breaches have become increasingly common.
Companies have now realised that data protection is no longer an afterthought, but a building block of any successful modern business, and have started building complex data protection strategies in line with compliance requirements and new international standards.
Encryption has emerged as a key element of such strategies and an efficient and simple way to secure data from both malicious outsiders and careless insiders.
Using Encryption to Protect Data at Rest: Data found on work devices is often the most vulnerable to data breaches. Whether it is stored on laptops, removable devices or mobile phones, if a device is stolen or lost, it means data can be easily accessed.
Login credentials by themselves do not protect data on company computers from being accessed as they can easily be bypassed by booting a device using a USB drive. Encryption offers an effective way to safeguard data.
By encrypting work computers’ hard drives, companies ensure that no matter how a device is booted up, outsiders would not have access to the data stored on it without a decryption key.
Even better, hard drive encryption has now become a standard tool already included in the most popular operating systems: Windows has BitLocker and macOS, FileVault.
This means that companies do not have to make any additional investments to enable encryption. Individual files can also be encrypted through the same tools, allowing organisations to add an extra layer of protection to sensitive data files.
Encryption of data at rest is especially helpful as a preventive measure in the case of cyberattacks. If data is stolen, it cannot be accessed by cyber-attackers, ensuring that it cannot be used, sold or made public.
Encrypting Data in Transit: With the rise of remote work during the COVID-19 pandemic, data has never travelled so much. While before, its physical movements were confined to occasional conferences and off-site meetings, now it has been taken out of the security of company offices and into the homes of employees, private spaces.
Where security is outside the control of organisations, for extended periods of time and by all employees simultaneously. The shift has created a window of opportunity for data loss and theft which encryption can help mitigate.
We’ve already mentioned how hard drive encryption helps prevent data access on stolen or lost computers. However, companies must also ensure data stored on removable devices is just as secure from data breaches.
USB drives, in particular, are widely used as quick data transfer tools, allowing employees to take sensitive data with them everywhere without being encumbered by a laptop.
They can also easily be used to steal data from a computer. This is a higher risk in a remote work environment where companies cannot control who enters and leaves the home of an employee and how to secure a home from outsiders.
While this should always be used as part of a comprehensive data protection strategy that addresses a company’s specific industry and compliance needs, encryption is one of the essential tools companies have at their disposal to protect their data.
Easy to adopt and use, once it is implemented, it guarantees that, if attempts are made to steal data or a system is breached, malicious outsiders still do not have direct access to sensitive data.
(This opinion piece is written by Filip Cotfas, Head – India Business, CoSoSys. The views expressed in this article are of the author.)