Posted on Monday, November 07, 2016 in CybersecurityBlog written by Rob Swenson
Data encryption is playing an increasingly vital role in the protection of electronic information.
Encryption is the process of converting data into computer coding that cannot be easily deciphered by unauthorized users. However, users with the password or online key can convert the mathematical algorithm back to readable data.
“In today’s world, where cybersecurity is a big issue and data is being sent to the cloud, the topic of data encryption has become more important,” says Gary Glissendorf, a network architect at SDN Communications in Sioux Falls. “If you can encrypt your data before someone else gets to it, it gives you another layer of protection.”
Small businesses concerned about data security essentially have three options for encryption software, Glissendorf says.
- Encrypt data locally on devices such as personal computers and servers.
- Have data encrypted as it leaves equipment such as routers and firewalls.
- Have a service provider encrypt data as it enters the network.
The effectiveness of encryption practices varies. Encryption strength is related to factors such as key size.
“The quality of the hardware will increase the robustness and the effectiveness of the encryption,” Glissendorf says.
A company worried about the its data security should encrypt the information as close as possible to where it lives, he says.
“The best option is to encrypt it as soon as you can and decrypt it as late as you can.”
Misuse of encryption
Cyber thieves who use ransomware know all about encryption.
Ransomware is malware used to extort money from victims. Hackers break into networks and encrypt the contents of electronic files or lock out computer users. Then, the hackers demand payment to decrypt the files or to restore user access to the information.
Encrypting data might not protect information from hackers seeking ransom payments, but it will significantly reduce the risk of sensitive or valuable business information being exposed and misused.
Encrypting data also does not reduce the need for vigilant security policies and practices on other fronts.
Old-fashioned carelessness is one of the biggest potential threats to good encryption. Rather than try to decrypt protected data, hackers might focus on stealing the password. Social engineering, or tricking people out of information, can be an effective way for hackers and thieves to gain access to stolen information.
The best encryption in the world is of little value if a poorly trained employee hands over the key to unlock data. Obviously, great care also must be taken to protect encryption keys from getting lost.
Encrypting and decrypting data and protecting the key might be an inconvenience for businesses, but potential benefits outweigh the hassle.
For example, encryption will protect data on lost or stolen mobile devices as well as information in networks that are hacked.
Businesses are storing increasingly more data in off-site servers, known as the cloud. A cloud server beyond the immediate control of the data owner might be a rich target for hackers.
Data can be vulnerable on a variety of devices and networks, but international thieves don’t represent the only threat to data. Attacks also might come from a fired employee who wants to cause trouble or from an unscrupulous competitor looking for information.
Encryption might especially be in order for industries with a regulatory obligation to keep clients’ information private. A financial institution, for example, is obliged to protect cardholder information, and health systems have a duty to protect patient information.
Companies might not be legally mandated to protect their customers’ information with encryption, but encryption is certainly a good potential tool.
Encryption also can provide companies a competitive advantage. It’s a tool that more businesses would be wise to consider.
Helping businesses with cybersecurity is a specialty of SDN, a leading regional provider of broadband connectivity to businesses and institutions. For more information about the company and its cybersecurity offerings, visit the What We Do section of SDNCommunications.com or call 800-247-1442.