Current Filter: Security>>>>>Feature>

   

Business and commerce rely on encryption to protect their valuable information from being stolen or altered. However, in the hands of the enemy, encryption can be a lethal weapon turned against those who rely on its protection. That makes it vital for any organisation to keep ahead of the game, when it comes to employing the right encryption technology.

According to Tony Pepper, CEO, Egress Software Technologies, organisations around the globe have become increasingly attuned to network security and the external threat posed by hackers to highly sensitive client and commercial data. "However in practice, this attitude alone is too narrow to protect against a data breach. Research conducted by Egress Software Technologies has demonstrated that actually 93% of data breaches are caused by human error. This includes people sending confidential information to the wrong postal address, fax number or email address [as happened at the Bank of England earlier this year]; loss of hard copies or unencrypted endpoint devices; and accidental uploads of sensitive information to the public domain." The list, he says, goes on.

"The solution to this problem needs to be tackled at both an IT and executive level. A balance must be found between protecting against the external 'cyber' threat and that posed by employees going about their day-to-day work," he advises.

“Mitigating this latter point will require a combination of both educational efforts around best practice information security and the adoption of easy-to-use technology that allows staff to continue working in the same way as they're used to, but with the ability to apply the necessary security to data at any point."

Moreover, states Pepper, decision makers must also recognise that, despite best efforts to the contrary, mistakes will happen and that robust data protection policies must be applied in the background to provide a safety net for staff. "One way to achieve this is to, where possible, take decisions away from end users - for example, through policy scanning and gateway encryption. Mistakes happen, but if you can anticipate areas of the business where they're more likely to occur, then why wouldn't you use technology to reduce this risk?"

In addition, businesses need to provide ways to mitigate the impact of any mistakes through measures such as revoking access to emails that have been sent in error or preventing recipients from printing attachments - and therefore preventing them from disposing of hard copies incorrectly or losing them. "Ultimately, it is not about prioritising one data security threat ahead of another," he advises. "It is about being aware that, as a business, focus should not be limited to the external threat posed to network and endpoint security. Once organisations appreciate that the internal threat is just as great, they can apply sensible, technology-driven, steps to mitigate risk to both the organisation and its employees."

TWO-PRONGED ASSAULT
Encryption technology is in a constant state of evolution, as cybercriminals adopt increasingly sophisticated methods to misappropriate private data. "IT teams are fighting battles on two fronts: criminals trying to get in and employees taking data out of corporate networks," says Darin Welfare, EMEA VP, WinMagic. "For example, the use of unsanctioned cloud storage and sharing services such as DropBox is placing private corporate data at risk, because a breach suffered by a cloud storage service or compromised data in transit security could lead to a costly data loss.

"Our WinMagic study revealed that 41% of employees in the UK use cloud storage services at least once a week, but, at the same time, 65% admit that they don't have or don't know the company policy on use of these services. This clearly leaves data exposed to risk, and makes a vital call for employers to do more to train employees on cloud and data security policies."

From a protection perspective, companies can also mitigate the risks by encrypting all data before employees save it to the cloud, Welfare adds. "This would mean that the business is protected against any breach as data is encrypted, not just in transit, but also whilst stored in the cloud. They should also keep corporate control of encryption keys for data stored in the cloud to render data useless, if the cloud provider's systems are compromised."

Page   1  2