Using Encryption to Prevent Data Breach Fines
An excellent article was recently posted on Security Week regarding the use of encryption to prevent data breaches. As we've pointed out in the past, encryption should be mandatory in any instances where sensitive data is being handled. By requiring the use of encryption, IT and Infosec professionals can save their organizations time and money in the long term.
The Security Week article, entitled "The Encryption Advantage: Simple Steps to Protect your Valuable Information" does an excellent job of illustrating how using encryption can prevent costly fines.
Here is an excerpt:
"The most important thing about encryption is that in most cases, it shields a company from having to disclose a data breach that can bring embarrassment, brand damage and, ultimately, harm to their customers. Most of the 50 states have adopted breach notification laws, but 42 of them have an exception allowing companies to avoid having to disclose a breach if the data exposed was encrypted. The language in the Arizona breach notification law is typical: "[The law] excludes data that is redacted or secured by other methods rendering data unreadable or unusable from notification obligations.""
So why do we continue to hear about data breaches on a weekly basis? Is more education needed? Maybe heftier fines will bring about the change needed? Whatever the case, adoption of encryption isn't where it needs to be... yet.
Some IT security pros bring up convenience, which has some validity. However, most current encryption techniques are relatively easy to use.
Kanguru's secure thumb drives are a prime example of this. The Kanguru Defender line of encrypted flash drives require no administrator rights and are self contained so that nothing needs to be installed on the host computer. Once a correct password has been entered, data can be saved directly to the device or dragged and dropped onto it.
Any data saved to (or dragged to) the device is automatically encrypted. Quick, easy, and simple.
Anyone handling sensitive data in a mobile capacity (whether government, healthcare or financial industries) should be using a Kanguru drive or similar encrypted storage device. It will save major headaches down the road.