Encryption can be the answer to many data security
issues faced by small and medium businesses. Not only can it protect
sensitive information from unauthorized use and minimize the risks arising from
data breaches, implementing this technology can also represent another step
towards compliance with legislation, especially with respect to the General Data Protection Regulation (GDPR).
But in cybersecurity, there is no silver
bullet – meaning that no single product or service can handle all the potential
threats out there. This applies to encryption also, as even this technology –
despite its many advantages – still has limitations that you need to take into
consideration. So before opting for a specific product, be sure you know the
one that best fits your needs.
Focus on ease of
use
According to a recent study on data breaches carried out by the Ponemon Institute,
human error is second only to malicious actors when it comes to the most
commonly cited root cause of data leaks. However, these can be avoided by
deploying a solution that is easy to use.
“There will always be the
need for some encryption to be carried out by the user, based on policy and
training.”
There will always be the need for some encryption
to be carried out by the user, based on policy and training. If these actions
require expert knowledge and the product is not user-friendly, employees might
try to find the easy way out and company rules could be broken. With a
simple, user-friendly solution, this can be avoided.
Require a solution
with easy management
A recent IDC survey on ESET’s behalf has also shown that ease of
management and ability to recover a lost access key are among the most important
criteria when a business is in the process of choosing an encryption solution.
To avoid cases where employees are unable to
decrypt their data because they have forgotten their keys, search for solutions
that use a system of shared encryption keys, managed by on-site system
administrators.
This is similar to the use of actual keys,
something we all understand before starting elementary school. On top of that,
it also makes sharing encrypted data within a predefined group quick, easy and
in many cases, transparent for the user.
Ask for adaptability,
scalability and flexibility
The solution you choose should be scalable and
flexible, so that you can easily add advanced features if necessary, enabling
you to vary enforced policies and keys remotely — helping you to keep a
strong default configuration.
Select a product that doesn’t require
reinstallation for upgrades or renewals. In addition, don’t forget that if an
encryption solution is available as a perpetual license, including annual
maintenance and support, or as a subscription license, it can enable you to
manage costs and improve your financial flexibility.
Choose whom to
trust
Select a solution that employs industry-standard
encryption algorithms that you can trust, and a sophisticated key-sharing
system for secure data exchange among all users.
Check if the encryption solution you are
considering meets the rigorous FIPS-140-2 standard in the US and is validated
by the National Institute of Standards and Technology (NIST). Also verify if it
has been certified by key players on the market (i.e. OPSWAT) and has performed
well in independent tests.
There is no such
thing as a bad question when it comes to data protection
Set your data protection strategy carefully and
choose the encryption solution that helps you fulfill it in a way that suits
you best. To make the right decision, don’t shy away from any questions you
might have about usability and features of the product, even if they sound
obvious to you. You might be surprised how many encryption solutions on the
market don’t cover the basics.
If you want to know which questions you should ask
and what answers to seek, we will help you in our next blogpost, so stay tuned
and read more on WeLiveSecurity.com.