Story image

Data encryption: Safe even when lost or stolen

27 Feb 15

Data encryption should be a key component of your client’s ‘defence in depth’ network security solution set, says Chillisoft New Zealand, 
the Oceania distributors for ESET security solutions.

Data encryption is the most effective way to secure data ‘at rest’ (ie on disk and removable media) and as it travels through cyberspace (email). Encryption is based on secret keys - one for encryption and the other for decryption - that are virtually impossible to crack. 

Encryption can help secure sensitive data in cases of unauthorised access to your client’s network or if a laptop or USB thumb drive are lost or stolen.

Data encryption adds another layer of protection for your client’s data so that, even in the event of a security breach, your client’s data remains out of reach. To ensure the best possible protection, it makes sense for resellers to offer at least one ‘pure play’ encryption solution that contains industrial strength protection combined with advanced management and policy controls. Not only does this create another revenue stream but it also provides a safer online environment for your clients.

Not just for spies

To some businesses, encryption may be seen as a ‘black op’ - the preserve of spies and government agencies. 

Potential users may fear being locked-out of important documents because they can't remember an encryption key, but in a properly implemented solution, this doesn't happen. The individual files and the hard disk drive are encrypted with a key issued to each user by an administrator. 

So it is highly unlikely that ‘forgetting the key’ would be a problem.

Files, disks and email: Comprehensive protection

Installed correctly, dedicated encryption solutions run in the background, transparent to users.

Resellers can advise their customers which data should be encrypted based on the sensitivity of the data and the risk of loss. Compared to some other components of a layered security strategy, encryption is relatively easy to install, manage and use. 

Typically, ‘at rest’ encryption is used at both file level, where individual files can be encrypted, and at the disk level where an entire disk is encrypted, such as for laptops holding commercially sensitive or private data. 

Encrypting email or email storage can prevent embarrassing disclosures of private commentary. Leaked emails have become a staple for the tabloid press and could easily be avoided.

It’s the law

If your clients maintain personal information and it is leaked due to inadequate protection, they could be breaking the law. 

Principle five of the New Zealand Privacy Act 1993 mandates that ‘everything reasonably within the power of the agency is done to prevent unauthorised use or unauthorised disclosure of [personal] information’. With its widespread availability, encryption is clearly ‘reasonable’ protection. Indeed, in Europe, where they take data privacy very seriously, there are hefty fines for loss of sensitive data. 

As more and more organisations turn to mobile devices and remote access to corporate systems, the risk of data leakage will only increase. Encryption is simple to install, cost-effective and easy-to-use. It should be a key solution in your security portfolio.   

What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
Kiwis losing $24.7mil to scam calls every year
The losses are almost five times higher compared to the same period last year, from reported losses alone.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
"Is this for real?" The reality of fraud against New Zealanders
Is this for real? More often than not these days it can be hard to tell, and it’s okay to be a bit suspicious, especially when it comes to fraud.