07/11/2017
Why Encryption is Essential
As an idea, encryption is not new. The principles are the same today as they have always been: the coding of information to make it unreadable to unauthorized parties. Complex mathematical algorithms are used to scramble sensitive information and the only way it can be accessed is with a special key.
This means that should you lose a portable device, such as a USB stick or smartphone, which has encrypted information on it, the data is still secure. Or, if a laptop is stolen or your network is compromised during a cyber-attack, the data is still protected.
That’s what makes encryption so valuable. For all types of organizations, total encryption—of hard drives, removable media, files and email—is a must.
Here’s a high-profile example: the Anthem medical data breach in 2015. Anthem could have protected some 80 million customer records by simply encrypting the data—which included Social Security numbers—to render it unreadable to hackers.
A modest investment in secure encryption would have saved more than $100 million in notifications, credit monitoring and regulatory fines.
Let’s take a closer look at encryption, highlighting its effectiveness as a universal solution across three core sectors.
Healthcare
Healthcare providers focus on ensuring patients experience a high level of care, including benefiting from the latest advancements in medical treatments and therapies.
The challenge for the industry now is to ensure that the positive effects of technology on healthcare are not lost to cyber criminals who guess a user’s password and gain entry to a system that is not encrypted.
The repercussions of not doing enough can be huge, as the 2014 Concentra case revealed. The healthcare company was hit with a $1.7 million fine for failing to “adequately remediate and manage its identified lack of encryption or, alternatively, document why encryption was not reasonable and appropriate and implement an equivalent alternative measure.”
While HIPAA doesn’t require data to be encrypted, it also does not consider loss of encrypted data a breach. Essentially, incorporating encryption provides safe harbor from HIPAA notification rules.
Education
The education sector is a prime target for cyber criminals. Whether it’s a primary school or a university, all academic establishments have a tremendous amount of information, belonging to current and former staff and students, that is highly desirable to cyber criminals.
As classrooms become increasingly digitized and approaches such as BYOD (bring your own device) gain wide acceptance, there is an impetus for educators to develop a tech-rich infrastructure that allows students to thrive and teachers to pursue research initiatives without having to worry about data protection.
Encryption offers educators confidence that all data, such as student information, remains inaccessible whether it’s within the perimeter of your network or not.
Finance
Legal and regulatory obligations imposed on companies specializing in financial services, including those stipulated by PCI-DSS, SOX and GLBA, are some of the most stringent around. They have to be, as the cost of unintentional non-compliance, financially and in terms of reputation, can be severe.
The complex nature of financial firms is enough reason to warrant the blanket use of encryption, so that all data and hardware, as a standard, is protected from the get-go. While the proliferation of devices has allowed financial companies to become more agile, it has also increased the likelihood of an attack and of data being accidentally or purposely leaked. Encryption, as part of a layered security approach, offers a powerful response to such possibilities.
This information is excerpted from this article: https://cdn5.esetstatic.com/eset/US/resources/docs/tech-briefs/Encryption_WhatIsIt_TB.pdf