Data Encryption In Business
The UK has become a hunting ground for cyber attackers and hackers. As such, London businesses are now expected to be equipped with vast array of security measures to ensure they are well protected.
We believe that using data encryption in business is the only way to prevent cybercriminals from gaining access to your most important information. It is also a crucial way to minimise the cost and damage of possible security breaches to your business’ data.
In simple terms, encryption refers to the translation of plain text (your sensitive data) into an encoded form. This safeguards your information by appearing complex and unreadable to potential hackers who may intercept it. Encrypted data can then be accessed with a decryption key by your organisation.
Learn how to encrypt your data
Encrypting files and folders
Windows devices come with a built-in full-service encryption feature called BitLocker. This covers the whole hard drive, and uses the AES encryption algorithm in cipher block chaining with a 128 to a 256-bit key. By enhancing your file and system security, BitLocker protects vulnerable data. And if your device is stolen, BitLocker can prevent thieves from accessing unauthorised data. It can be activated by going to Start > Settings > Privacy & security > Device encryption > BitLocker drive encryption.
Apple has a built-in locker/storage called Sandbox, which is completely isolated from other areas of the device. However, Sandbox won’t prevent applications from accessing data when permissions have already been granted.
If you want your files to be completely encrypted, use the Secure FileBox application to encrypt all files on your Apple devices. FileVault is also a highly recommended option for encryption. Go into Apple menu – System Preferences – Security & Privacy – FileVault – Lock button (enter your administration username and password) – Switch On FileVault.
Androids operate on an open network, and making these devices particularly vulnerable to attack. The Encrypted Data Store (EDS) creates an empty file which is entirely unreadable to anyone who doesn’t have the password/key to access it. This file can be used to store other files for encryption. These are immediately encrypted once they are transferred to it. The EDS uses various algorithms to encrypt the data, making it extremely challenging for hackers to access data.
Encrypting your emails
Encrypting Outlook emails is very straightforward. All you need to do is go into Outlook – Tools menu – Trust Centre – E-mail Security – Encrypted e-mail – Encrypt, then click okay. The recipient of encrypted emails will receive a secure private key to allow them to translate the encoded message into readable text.
Apple Mail app
Mac OS X has an inbuilt S/MIME email encryption feature, which can be activated in the Mail App. You will need to click on the “Account” option in the “From” field of a new message and tick the “Signed icon.” Once you do this, an “Encrypt” button (closed lock symbol) will appear, which indicates that the mail is now encrypted. In order to access the email, recipients will need to use their key.
For Microsoft 365 you may want to consider using Azure Rights Management service. It is a cloud-based protection offering you complete end-to-end email encryption facility. This technology will also allow you to set customisable permissions for data access. For businesses who often use emails to share important data with other organisations, this is a secure option.
If you’re using Gmail, then you’ll be happy to know that all Gmail emails are encrypted by default. For more encryption options, you can use the Secure Gmail extension.
Encrypting data on the cloud
By default, all cloud service providers will use data encryption on their platforms. This makes sense since the cloud is basically a common pool of data resources. But, if you wish to add an additional layer of encryption to your data, you can activate the Zero-knowledge encryption feature if it’s available in your cloud. This feature will automatically encrypt data before it uploads from your device into the cloud. Zero-knowledge will keep your data encrypted until it is downloaded offline and opened using a unique and private key. The key is only available to the user and remains unknown to the app developer. Sync.com, pCloud and SpiderOak are some of the alternatives to Dropbox for this feature.
If you don’t want to do this, you can choose to encrypt files yourself before you upload them to the cloud. The VeraCrypt platform is great to encrypt both select files and your whole device if desired. You can also set up a VPN, which uses many security protocols like IPsec, OpenVPN, L2TP, PPTP, TLS, and SSH.
Best data encryption practices for 2023
Decentralise your data encryption and decryption process
Ensuring your data is stored and encrypted in multiple locations can increase security in comparison to a centralised approach. This will avoid your encryption keys from remaining at a single source, where they could easily be exploited by hackers as one point of vulnerability. Your London IT support service can help you here by offering a separate encryption server at the location of your choice.
Put in place support for multiple encryptions and decryption technologies
Having end-to-end encryption allows you to be flexible and quick when there is an overhaul of your organisation’s technologies and data. These various layers of encryption are crucial for huge transfers of data during takeovers and M&As, for which you will need to use new encryption technology. Ideally, all your encryption mechanisms should be third party friendly.
Create key profiles to smoothen the process of key rotation/expiration
Always create key profiles, which will be associated with specific fields of data. You can then use these profiles to create new keys during key rotation/expiration. This will help you manage your encrypted data better, as it won’t create a need for constant decryption and re-encryption.
Always maintain an account of activity
The best way to monitor the safety of your encrypted data and to enforce user responsibility is to log all the details of your activity. Ensure you log the details of all the times the data was encrypted and decrypted, the type of key used, the changes made to the data and essentially anything that happens to or with the data. These steps are also a vital component of compliance with GDPR regulations. Storing your activity supplies an auditable trail to help you retrace your movements in case of any security issues.
totality services offers robust IT security services for London businesses, including hard disk encryption and data backup for all your workstations and servers. For more information feel free to call our highly skilled IT Support in London team.