- Remote working and rise in ransomware drive IT leaders to manage risk with mandatory encryption
- Nearly three quarters require encryption of data held on removable media
The number of UK organisations implementing data encryption as a core part of their cybersecurity strategy has continued to rise, with 32% introducing a policy to encrypt all corporate information as standard in the last year. In total, almost half (47%) of organisations now require the encryption of all data, whether it’s at rest or in transit. This is according to an annual survey of IT decision makers carried out by Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives.
Thirty-two per cent of organisations encrypt all data when it’s stored on their systems or in the cloud. Only 2% do not currently see encryption as a priority.
The stakes are getting higher for those organisations that don’t give the approach sufficient attention: 16% of the IT leaders surveyed admitted that a lack of encryption had been the main cause of a data breach within their company, up from 12% in 2021.
When asked about the main reason their organisation has increased the implementation of encryption over the past year, nearly a quarter (24%) of respondents said this was due to the rise in remote working, with 16% citing the rise in ransomware attacks.
Jon Fielding, managing director EMEA Apricorn, says: “It’s encouraging to see encryption high up on corporate priority lists; messages about the crucial role it has to play in protecting sensitive information are clearly getting through. When data is encrypted, it’s fully protected – if an unauthorised individual gains entry to an IT system or picks up a device that’s been left in an Uber, for instance, the information will remain unreadable.”
Nearly three quarters (73%) of organisations now have a policy that requires the encryption of all data held on removable media, such as external hard drives and USBs. Twenty-seven percent actively enforce the encryption of data on mobile devices and removable media. Forty-two percent only allow the use of removable storage devices if the data is hardware encrypted – up from 33% last year.
Jon Fielding explains: “Built-in hardware encryption with onboard authentication affords stronger protection than software-based encryption, which can leave devices exposed to counter resets, software hacking, screen capture and keylogging. When held in a hardware crypto module, encryption keys are protected from brute force attacks and unauthorised access.”
The proportion of organisations dealing with the risk to data held on removable media by physically blocking their use has dropped from 13% in 2021 to just 8% this year.
“This indicates an increasing maturity of approach to cybersecurity in the hybrid working environment,” continues Jon Fielding. “By choosing to avoid a ‘blanket ban’ on removable devices and seeking instead to secure the endpoint and the data, they can fully reap the productivity and flexibility benefits gained from storing or moving data around safely, offline.”
Data encryption gives organisations a way to mitigate the biggest challenges they face when implementing a cybersecurity plan for remote or mobile working. According to the IT leaders surveyed by Apricorn, the three biggest problems are the complexity of managing all of the technology that employees need and use (cited by 42%), followed by the likelihood that employees will unintentionally expose the organisation to a data breach (38%), and uncertainty around whether data is adequately secured (32%).
“Organisation-wide encryption is a straightforward way of staying ahead of evolving cyber threats, complying with legislation and mitigating human error,” says Jon Fielding. “To be completely effective, it needs to become ‘business as usual’ – embedded into ways of working, mandated in policy, and enforced at an operational level.”