In today's workplace, stealing information doesn't require a covert Special Forces team: It is often done by an employee armed with a 5 GB USB flash drive. And your unsecured, unencrypted network invites a hacker to compromise a server or workstation holding sensitive data.
But you dont have to be vulnerable. There are plenty of options available today for securing/encrypting your data and many of these options are just overlooked.
Encrypting your data does not have to be an expensive rollout like moving from NT 4.0 to Active Directory. There are many types of encryption, from complete encryption at the enterprise level down to the often overlooked encryption of an individuals workstation. With so many options, your perfect solution is surely available.
I believe encryption is as important as a firewall. You wouldn' leave your network unprotected by a firewall — we all know thats as foolish as just giving a hacker your enterprise or domain admin password. Nor should you leave your sensitive data unencrypted; encryption ensures that your data is secure.
But how, specifically, might encryption be useful to you?
When you send an email of sensitive information, encryption provides security that no unauthorized parties have access to your data. If your password is encrypted, it cannot be duplicated by anyone else so it ultimately proves your identity when you sign on to a computer or use a smart card or an RSA device.
When you sign an email with an encrypted signature, the email cannot be changed or modified without changing the digital signature. Using digital signatures provides you with proof that a document has not been compromised.
Encryption can be used for email exchange as well as to encrypt documents on your hard drive. Encryption is used when logging onto a system, SSL connections on the web, and on anything that is sensitive within your business model.
Just as you have a disaster recovery plan, you should also create an encryption plan for your organization. Make it corporate policy to digitally sign every email. Configure encryption over your remote connections. Use encryption technology to encrypt the entire contents of your hard drive.
With the amount of data being too frequently compromised, not having an encryption plan for your company is security suicide. 9/11 was a disaster recovery wake-up call for many companies who lost everything because they didn' have a plan in place; many companies quickly got their acts in gear after the fact to have disaster recovery sites configured.
Not having an encryption plan may not quite stop you dead in your tracks as failure to have disaster recovery did for some, but it could cause your stock to fall, profits to decline, and peace of mind to be shattered. Do yourself a favor and configure an encryption plan for your company today.