Encryption 101: How to protect sensitive data
With more data breaches being reported every day, it’s hard to ignore the fact that businesses must be proactive in protecting sensitive data. An important layer in your cyber defense strategy is to encrypt data relating to personally identifiable information, financial reports, research and development, new product plans and more.
“Encryption is the process of scrambling data so that only the people you authorize can decipher it,” said Michael Cocanower, president and CEO of Phoenix-based itSynergy. “Think of it like a Post Office mailbox. Anyone can put a letter in the mailbox, but only the postal worker can open the door to retrieve, or decipher, the information that was deposited.”
Cocanower, a cybersecurity expert and certified ethical hacker who has been recognized nationally and locally for his IT expertise, will conduct a free, 15-minute “Encryption 101” webinar on Thursday, July 12 at 11:30 a.m. Geared towards non-technical end users in business at any level, the webinar will include tips for protecting sensitive data through encryption and address Arizona’s new data breach notification law. Interested participants can register at: http://www.itsynergy.com/webinar.
“Arizona’s new law only applies to compromised data that is not encrypted. The good news is that utilizing encryption technology has become much easier than it used to be. All businesses should take an inventory of the personally identifiable information they store and assess whether that information can be stored in encrypted form or not. If it can, then even if you are breached, the notification requirements will not trigger if the stolen data was encrypted,” Cocanower said.
With more employees storing data on their phones, laptops, home computers and in the cloud, sneaky thieves have more entry points to access sensitive data. A recent survey by Sophos found that while 84 percent of companies said they are concerned about data security in the cloud, only 39 percent reported that they encrypt all files stored in the cloud. Another 47 percent said they encrypt some files stored in the cloud, while 11 percent said they don’t encrypt any files in the cloud but plan to.
Another big issue: many businesses don’t extend the same level of protection to their employees as they do to their customers. The Sophos survey of 1,700 global business executives who handle IT decision-making revealed that employee bank details are encrypted by 69 percent of companies that store that type of data. Of the U.S. companies surveyed that do use encryption, only 79 percent claim to always secure employee bank details.
The global survey also found that 43 percent of the companies holding sensitive employee human resources files don’t always encrypt them, and 47 percent of those that store employee healthcare information fail to consistently encrypt these records.
“Encrypting sensitive data makes a lot of sense, particularly in light of Arizona’s new data breach notification law, which only triggers if personally identifiable data is not encrypted. Considering the hefty fines businesses can face if they are not compliant, it’s worth bringing on an IT partner to help your firm navigate the complexities involved with this new law,” Cocanower said.
The “Hacking the Human” webinars take place at 11:30 a.m. on the second Thursday of each month. Each webinar provides useful tips to ward off cyberattacks and more complex social engineering schemes that result in theft and corporate espionage.
For more information, call itSynergy at (602) 297-2400 or visit www.itsynergy.com.