Encryption adds a much-needed level of security to your organisation, but how does it work in practice?
Encryption has always been important for businesses, especially where personal data is being transferred between servers, or physically transported via USB or laptops. For companies in the financial and legal industries, encryption is an excellent tool for protecting sensitive data. The ICO has been issuing fines to businesses for mishandling of data for a number of years; however, GDPR has put a bigger spotlight on the issue of data security. GDPR has fundamentally changed the way companies handle their clients’ data, and has prompted most businesses to re-evaluate their day-to-day security practices. Encryption is a practical and non-intrusive way of protecting data, and hides content behind lock and key. Data that is encrypted is scrambled and is only decipherable by individuals who have the matching key code. With so much information being stored online in the cloud or on shared servers, it’s vital that you have a system in place to keep track of this information and keep it private – especially when handling information that doesn’t belong to your company.
If you use portable devices such as laptops to access company files or servers, then encryption is a must. No matter how careful you are, sometimes lost or stolen devices are unpreventable. What you can prevent, however, is access to your files and data once the device is in the hands of somebody else. Having a password to your device is strongly advised, but should someone be able to get past this, encryption adds an additional and stronger level of security for your files. Full Disk Encryption (FDE) with centralised management also helps protect against data loss and has recovery features should a device be stolen or damaged irreparably.
Most mobile operating systems (including Apple and Android) have encryption built-in, which simply needs activating in the settings. If you have a number of mobile devices which you would like to encrypt, you should consider mobile device management software, which allows you to see exactly which of your devices have this feature enabled, and remotely enable or disable it at the touch of a button.
Once an email leaves your email server, it can be read by any server on the journey to the recipient’s address. If you are sending personal or private information such as legal documents, including financial (payroll, for example) and HR documents, then you need to think about protecting it with encryption. You can read more about email encryption here.
If you own a large website which transfers and stores user data, an e-commerce site for example, then website encryption is a must. Secure Sockets Layer (SSL) prevents hackers from accessing data while it is in transit. Websites with an SSL certificate will carry the green padlock in the URL bar of a browser, and the address will have the “S” in “https://” to let visitors know they are visiting a secure site. What’s more, depending on the type of business, website encryption is a legal requirement. Whether or not you are obliged to, though, SSL is an important security tool which you should certainly consider.
Security has never been more important to the operational health of a business than it is today, and we have a wealth of experience when it comes to helping organisations put in place robust security measures. If you’d like to talk to us about your company’s IT security, please get in touch with us via our contact page. We also have a quick GDPR checklist we can provide you with, which allows you to assess your own encryption and data protection offerings to help you achieve compliance and strengthen your defences for the benefit of your clients as well as your own organisation.