Healthcare records stolen by hackers; credit card information compromised; personal information and social security numbers lost: with these events being reported almost daily, how do we protect vital and confidential data? And why aren’t we doing so effectively in the first place? Here are a few myths about encrypting your data that may be making it easier for the hackers.
1. Encrypting data is too complicated
If by ‘encrypting your data’ you immediately think of encrypting every single file on every single computer, mobile device, and server that your company has, then yes, it’s definitely going to be too complicated. Figure out which data is sensitive enough to require encryption and encrypt those.
2. Data stored in the cloud isn’t more secure because it’s encrypted
It is. Storing your data in the cloud when it’s encrypted (either by you or your cloud manager) is always going to be more secure than simply storing it on hard drives with no encryption. It’s like putting your social security card in a safety deposit box, as opposed to a home safe, or leaving it on your desk. When you store your data in the cloud, always ensure that you know who has the decryption keys. Encrypting your data doesn’t do you any good if you store the key with the data itself. That’s dangerously close to leaving your keys in the cupholder of your car.
3. Using the encryption that comes with my OS is OK
While the 128-bit encryption that often comes with smartphones these days will, in general, protect and encrypt your data, if you need to encrypt 50 different phones and computers all with different operating systems, this isn’t going to work. In order to effectively secure your data across a widespread amount of devices, using an enterprise solution will ensure that all of your data and devices are encrypted with a cross-platform solution, thus easing the load on both resources and your IT team.
4. If I encrypt my data, then it’s safe
No security measure is ever guaranteed to protect your data. When encrypting anything (or really, implementing any kind of data solution), always think “when/then” rather than “if/then.” Operate with the mindset that eventually, if someone wants your data badly enough, they’re going to get it. Encryption can certainly make this easier, as you cannot decrypt data without the key. However, there can be traces of what was there before; if at one point, the data you are using wasn’t encrypted, then there will be traces of it that analysts and forensic specialists can use to piece together information.
5. What if I protect it with a password?
Many companies will say that a good password is enough to stave off any attacks, but this isn’t true. For someone to break the passwords to your files, the solution may be as simple as taking out the hard drive, plugging in into their own system, and tinkering with it. There are many, many freeware tools on the internet that help with exactly this scenario.