McDonald's, Volkswagen, and Audi have all lately announced that their customers' private personal information has been exposed. This is more evidence — if we needed it — that no business is immune to a data breach, and that even the world's largest security budgets and teams struggle to prevent data from being lost, leaked, or stolen.
Data encryption at the company or industry level (such as data encryption in the health sector) is becoming acknowledged as a simple solution to mitigate this risk – locking information down so that whatever occurs around it, it stays unreadable to anybody who is not allowed to access it. This is emphasized by President Biden's recent Executive Order on Improving the Nation's Cybersecurity, which requires encryption of data both at rest and in transit.
The good news is that encryption implementation is expanding, particularly on portable devices, as seen by Apricorn's yearly study. Nearly a third (31%) of IT leaders polled stated their firm now needs all data to be protected as a norm, and 32% said encryption has increased across all mobile and portable devices in the last year. Almost a quarter (24%) of firms have a policy in place to encrypt all data kept on their systems or in the cloud.
The findings also show how a lack of encryption may leave a company vulnerable: In the previous year, 12 percent of IT leaders polled indicated this was the cause of a data breach in their organization.
Removable Media Security and Control
When it comes to external hard drives and USBs, encryption is especially advanced, with 77 percent of IT leaders indicating that their business demands encryption of all data stored on such devices.
Many of them have rules in place that allow them to manage which removable media devices are connected to their networks and systems, with more than half (51 percent) restricting their employees from utilizing devices permitted by the business.
A third (33 percent) prefer hardware-encrypted devices over software encryption because the keys are safely stored in a crypto module, which prevents brute force assaults and illegal access. Even better, if the device has its own PIN pad for authentication, all authorization and cryptographic procedures are performed within the device itself, ensuring that crucial security parameters are never shared with a host computer.
The rise in the usage of encryption appears to be continuing. When asked how they expect to spread encryption across their enterprise, IT decision-makers polled by Apricorn stated they intend to grow usage of USB sticks (19%), laptops (16%), desktops (12%), mobiles (22%), and portable hard drives (18 percent ).
The proposals for increasing encryption are quite encouraging, but they must be firmly integrated into remote and hybrid working practices if they are to be effective. Many staff will be working from home for at least the next six months, if not forever. As employees access networks, systems, and databases from a variety of places, using both business and personal devices, the danger surface will grow. In this increasingly mobile, complicated working environment, devices are likely to be a specific area of vulnerability, providing attackers with a simple possible entry point for getting access to company data and networks.
Creating a Security Culture
Employee education will be critical in ensuring that security and encryption standards are followed. More than a quarter of IT leaders polled by Apricorn say their remote workers just “don't care” about security, indicating a lack of involvement.
Every individual must be aware of their encryption obligations. They'll need detailed instructions on the company's rules, as well as which tools, gadgets, and technologies they may use and how to use them properly. Companies may provide their whole staff the opportunity to securely keep data offline and safely transport it between the office and home by giving detachable USBs and hard drives that automatically encrypt any data written to them.
Encryption allows enterprises of all sizes to be more productive and flexible while protecting essential data and systems. The truth is that the large businesses listed at the beginning of this piece have the ability to withstand the storm of a data breach.
Their stock price may suffer temporarily, and they may face a huge punishment, but they have the consumer loyalty and resources to withstand the blow. This is not true for all organizations. Encrypting all data as a normal practice would not only limit the potentially crushing financial impact of a data breach, but will also preserve the company's brand and consumer confidence.