In todays workplace, stealing information doesnt require a covert Special Forces team: It is often done by an employee armed with a 5 GB USB flash drive. And your unsecured, unencrypted network invites a hacker to compromise a server or workstation holding sensitive data.
But you dont have to be vulnerable. There are plenty of options available today for securing/encrypting your data and many of these options are just overlooked.
Consider in recent news the security breach where hackers obtained access to more than 40 million credit card accounts. Could this have been avoided?
Yes! If the data had been encrypted, we wouldnt have 40 million people losing sleep.
In other news, Citigroup announced that 4 million consumer records, stored on magnetic computer tapes, were mysteriously lost during a shipment by UPS to a credit reporting agency.
Guess what? Those tapes were not encrypted. And the list of examples goes on.
With this string of incidents, it is very clear what has to happen. We must start encrypting our data. It is essential.
Encrypting your data does not have to be an expensive rollout like moving from NT 4.0 to Active Directory. There are many types of encryption, from complete encryption at the enterprise level down to the often overlooked encryption of an individuals workstation. With so many options, your perfect solution is surely available.
For example, MCI is now evaluating stronger security measures following the theft of a laptop containing Social Security numbers and names of 16,500 current and former MCI employees. The laptop was stolen from the employees car. The computer was password protected but there has been no comment on whether the data was encrypted.
I believe encryption is as important as a firewall. You wouldnt leave your network unprotected by a firewall -- we all know thats as foolish as just giving a hacker your enterprise or domain admin password. Nor should you leave your sensitive data unencrypted; encryption ensures that your data is secure.
But how, specifically, might encryption be useful to you?
When you send an email of sensitive information, encryption provides security that no unauthorized parties have access to your data. If your password is encrypted, it cannot be duplicated by anyone else so it ultimately proves your identity when you sign on to a computer or use a smart card or an RSA device.
When you sign an email with an encrypted signature, the email cannot be changed or modified without changing the digital signature. Using digital signatures provides you with proof that a document has not been compromised.
Encryption can be used for email exchange as well as to encrypt documents on your hard drive. Encryption is used when logging onto a system, SSL connections on the web, and on anything that is sensitive within your business model.
Just as you have a disaster recovery plan, you should also create an encryption plan for your organization. Make it corporate policy to digitally sign every email. Configure encryption over your remote connections. Use encryption technology to encrypt the entire contents of your hard drive.
With the amount of data being too frequently compromised, not having an encryption plan for your company is security suicide. September 11 was the disaster recovery wake-up call for many companies who lost everything because they didnt have a plan in place; many companies quickly got their acts in gear after the fact to have disaster recovery sites configured.
Not having an encryption plan may not quite stop you dead in your tracks as failure to have disaster recovery did for some, but it could cause your stock to fall, profits to decline, and peace of mind to be shattered. Do yourself a favor and configure an encryption plan for your company today.