A company has a responsibility to protect the information in its IT systems, particularly the data regarding staff and clients. For years now there has been a simple and effective way to restrict access: encryption.
The theft or loss of sensitive information from a company’s IT systems can cause irreparable damage to its reputation. Encrypting data can prevent this damage, but many businesses still leave themselves at risk. Aston Fallen, CEO, Steganos, investigates why this is, and explains how new encryption software means that even small businesses can protect themselves.
As consumers and businesses start fresh in the New Year, it is important to take a look back to see where security mistakes could have been avoided and how to implement a proactive data protection plan. In 2007, more than 79 million Americans were victims of personal data theft, and data breaches have reached an all time high according to the Identity Theft Resource Center.
Specifically, in September 2007, a laptop that contained the social security numbers and other personal information of 800,000 people was stolen. The computer belonged to the clothing retailer Gap and stored almost a year’s worth of online and telephone job applications from the US and Puerto Rico. The story was widely reported in the media and the company’s public image suffered a devastating blow. In addition to the brand damage, Gap had to make substantial compensation payments.
It is unclear what the thief’s motivation was in this case; they may have been interested in getting hold of some useful information, or the draw could have been the laptop itself. Either way, had the data on the computer been encrypted, the theft would have been less of a concern. After all, a laptop is easy to replace. A company’s reputation is not.
Gap’s experience clearly demonstrates the risks inherent in portable technology. Business laptops or USB sticks are full of data that could be damaging in the wrong hands, and which routinely leaves the office. While desktop PCs are unlikely to get lost, they are at risk of theft. R&D discoveries, financial plans, client details and personnel information are just a few examples of the sensitive information that businesses routinely store, but fail to adequately protect.
A company has a responsibility to protect the information in its IT systems, particularly the data regarding staff and clients. For years now there has been a simple and effective way to restrict access: encryption. Had the files on Gap’s laptop been encrypted, they would have proved to be completely inaccessible to the thief whatever their intentions. Today’s encryption software, such as Steganos Safe Professional, is affordable, easy to use and highly secure. So why does so much information, particularly in small and medium sized businesses, remain unencrypted?
One reason is that although files can be encrypted easily, until recently, it has been necessary to do so manually. Drag and drop encryption allows the user to drag the files they wish to encrypt to a virtual ‘safe’ and drop them, encrypting them in the process. Of course, slick as this system is, it doesn’t work if the user doesn’t actually do it. The world of business is hectic and stressful. When you’re up against a deadline, and three phones are ringing off the hook, users often consider encryption a low priority.
The security of data is no longer dependent on staff following the rules, though, now that automatic encryption has become an affordable option, even for small businesses. Organizations can set all files created within certain applications to be encrypted, without the user needing to do anything. This covers all files created using standard applications like Word and Excel, including temporary files and configuration data which might otherwise contain fragments of confidential information. When data is encrypted at the point of creation, it is protected for its entire life cycle.
When you leave work, do you leave the office door open? When you use your credit or debit card, do you let people watch you enter the PIN? When you park your car, do you leave the windows open? If you’re anything like me, the answers to those questions are no, of course not, and only if there’s a dog in the car. We routinely protect things of value, but often underestimate the value of the data in our businesses. By introducing automatic encryption, we can ensure that our data is only available to those who are authorized to view it, whatever happens to the media it is stored on.
Contributed article from Aston Fallen, CEO of Steganos. You can read more about their products and services at https://www.steganos.com.