Encryption's in the news—but what is it?


Encryption has become an increasingly hot topic in the last few months—most recently, with Apple’s refusal to help the FBI unlock an iPhone that belonged to one of the shooters in the San Bernardino incident.

The FBI and NSA have been asking for years that tech firms who produce encrypted apps and devices be required to build in vulnerabilities that would allow law enforcement officials, with warrants, to access suspects’ phones and messages.

But leaders of the biggest firms, including Apple, Facebook and others, have resisted, citing privacy and technology issues. Security experts generally concur that built-in vulnerabilities can cause more problems than they solve.

They have high-level support—last October, the Obama administration released a report noting that any vulnerability, or “backdoor,” that could help law enforcement agencies bypass encryption to access consumer info could also open doors for terrorists and cybercriminals.

While the controversy continues, one fact is indisputable: Encryption is a powerful tool for locking down data and an essential element for any company’s security strategy.

Why encryption is essential

As an idea, encryption is not new. The principles are the same today as they have always been: the coding of information to make it unreadable to unauthorized parties. Complex mathematical algorithms are used to scramble sensitive information and the only way it can be accessed is with a special key (read our Encryption 101 for more).

This means that should you lose a portable device, such as a USB stick or smartphone, which has encrypted information on it, the data is still secure. Or, if a laptop is stolen or your network is compromised during a cyberattack, the data is still protected.

That’s what makes encryption so valuable. For all types of organizations, total encryption—of hard drives, removable media, files and email—is a must.

Here’s a high-profile example: the Anthem medical data breach in 2015. Anthem could have protected some 80 million customer records by simply encrypting the data—which included Social Security numbers—to render it unreadable to hackers.

A modest investment in secure encryption would have saved more than $100 million in notifications, credit monitoring and regulatory fines.

Let’s take a closer look at encryption, highlighting its effectiveness as a universal solution across three core sectors.

Healthcare

Healthcare providers focus on ensuring patients experience a high level of care, including benefitting from the latest advancements in medical treatments and therapies.

The challenge before the industry now is to ensure that the positive effects technologies have on healthcare are not lost due to cybercriminals who are able to guess a user’s password and gain entry into a system that’s not encrypted.

The repercussions of not doing enough can be huge, as the 2014 Concentra case revealed. The healthcare company was hit with a $1.7 million fine for failing to “adequately remediate and manage its identified lack of encryption or, alternatively, document why encryption was not reasonable and appropriate and implement an equivalent alternative measure.”

While HIPAA doesn’t require data to be encrypted, it also does not consider loss of encrypted data a breach. Essentially, incorporating encryption provides safe harbor from HIPAA notification rules.

Education

The education sector is a prime target for cybercriminals. Whether it’s a primary school or a university, all academic establishments have a tremendous amount of information, belonging to current and former staff and students, that is highly desirable to cybercriminals.

As classrooms become increasingly digitized and approaches such as BYOD (bring your own device) gain wide acceptance, there is an impetus for educators to develop a tech-rich infrastructure that allows students to thrive and teachers to pursue research initiatives without having to worry about data protection.

Encryption offers educators confidence that all data, such as student information, remains inaccessible whether it’s within the perimeter of your network or not.

Finance

Legal and regulatory obligations imposed on companies specializing in financial services, including those stipulated by PCI-DSS, SOX and GLBA, are some of the most stringent around. They have to be, as the cost of unintentional non-compliance, financially and in terms of reputation, can be severe.

The complex nature of financial firms is enough reason to warrant the blanket use of encryption, so that all data and hardware, as a standard, is protected from the get-go. While the proliferation of devices has allowed financial companies to become more agile, it’s also amplified the likelihood of an attack and of data being accidentally or purposely leaked. Encryption, as part of a layered security approach, offers a powerful response to such possibilities.

What you can do

Whatever your industry or number of employees, encryption can help ensure that your information remains confidential at all times. Encryption will actively reduce your exposure to risks, help you fulfill regulatory compliance requirements and protect your organization’s reputation.

Learn more about how to protect your business’s important files, whether stored on hard drives and portable devices or sent via email, with ESET’s DESlock+ encryption solutions. By delivering encryption across all aspects of your enterprise, DESlock+ helps ensure your key asset—your data—is always secure.