One of the biggest things keeping business leaders up at night is how to prevent giving the game away. Gaining a competitive advantage means keeping your strategy from the hands of the opposition. In today’s world ‘the opposition’ has taken on new meaning. No longer are businesses simply rivalling their corporate counterparts, but they are now also fending off countless attacks from professional cybercriminals. Faced with a world where the goalposts are constantly shifting, the question on everyone’s lips is: how can you share sensitive information in a speedy, simple and secure way and avoid giving the game away? When you factor in the impending GDPR legislation and the penalties for non-compliance, it becomes even more difficult.
There are countless ways data could be exposed; a mobile phone left in a taxi or a waylaid work laptop could make sensitive, highly confidential information vulnerable. Whether this is a result of simple human error or malicious behaviour, the end result is the same – your data is no longer under your control. However, with encryption in place, this data is indecipherable illegible to anyone without the key. Encryption has the reputation of being a complicated undertaking, but it is actually a relatively straightforward and potentially catastrophe-averting process. Here are three ways to use encryption to prevent data loss:
#1: Is your password passable?
The easiest, yet often overlooked way to protect your files is to lock them with a password. For instance, when sharing data via an Excel file, users have the option of adding a password to ‘lock’ the document so those who have not been provided with the password cannot access the information. With this function, users are immediately and automatically protecting their data with strong AES256 encryption. The secured file is then sent using normal email channels, but the password is sent separately by SMS to the entrusted recipient. It really can be that easy, and for most cases of data sharing, it’s a security process that works perfectly well. Moreover, it’s an action that can be easily introduced as a standard business procedure, without the need for additional IT budget to support the change. However, the main drawback of this is that the user must do the work, taking personal responsibility for sharing and protecting passwords.
#2: What is encrypted, stays encrypted
‘Always-on’ encryption is becoming an attractive proposition for businesses, especially considering the arrival of GDPR is drawing ever closer. The appeal of implementing continuous encryption is that it delivers round-the-clock protection – each file in the network is automatically encrypted until someone makes an intentional decision to remove it. This always-on encryption is easy to introduce as the recipient only requires a password sent via SMS or email, and businesses gain reassurance that only encrypted files are leaving the building. For organisations looking for a safe and effective way to store and access data on their internal networks, without staff having to spend hours to get to grips with the new system, this solution is ideal. Automatic encryption that has to be manually deactivated enables businesses to ensure effective encryption is embedded into long-established policies and procedures.
#3: Reserve the right to revoke
As soon as data has been decrypted, it is no longer under the control of the initial sender. This leaves businesses vulnerable to potential leaks, with everything riding on how trustworthy the recipient really is. As soon as the data is decoded and ‘out there’, it is free to be shared with anybody. This means you go from having complete control over the information to keeping your fingers crossed it won’t end up in the wrong hands (especially as you’re always liable for any information shared by your company). However, there are solutions available that allow the sender to instantly revoke access to any file, at any time – irrespective of its location and ‘platform’ (if it’s been copied to a USB drive, or shared via tools like Dropbox and OneDrive). Alongside data loss prevention and classification, individual files can be encrypted automatically, giving IT the necessary control to keep files safe across a complex, distributed working environment.
Implementing encryption as a component of a wider GDPR response strategy doesn’t have to be complicated, but it does have to be comprehensive. Encryption will be of the utmost importance for companies looking to avoid severe regulatory fines when the GDPR leniency period ends in May, but companies that introduce the practice now will also be protected against data breaches immediately. Considering estimates place the cost of a data breach at $3.62m, encryption is an essential process businesses can’t afford to be without.
[su_box title=”About Alex Dalglish” style=”noise” box_color=”#336588″][short_info id=’102829′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.