As new hybrid home/office working models increase cybersecurity risk, Jon Fielding of Apricorn looks at how encryption is the most powerful tool in an organisation’s data protection armoury.
New working models that combine time spent in the office and at home will increase the risk of data breaches. The need to ensure that all employees follow security best practice and comply with regulations has never been greater. Jon Fielding, managing director EMEA of cybersecurity solutions provider Apricorn, looks at how encryption is the most powerful tool in an organisation’s data protection armoury.
Nearly three quarters of company directors intend to keep increased home-working after the pandemic, according to a recent survey from the UK Institute of Directors (IoD). The flexibility and efficiency this brings will come at a price, increasing the risk that the company’s data will be lost, or stolen by cyber-criminals.
Data protection will become more challenging as staff access networks and data from a variety of different locations, using a mix of business and personal devices to process and share information. In lockdown, hackers were quick to take advantage of vulnerabilities such as out-of-date software, while phishing attacks have been particularly prevalent.
Recent research from Apricorn shows that 57% of UK IT leaders believe their company’s remote workers will expose the business to the risk of a data breach. Employees unintentionally putting data at risk remains the leading cause of a breach at the companies surveyed, with lost or misplaced devices the second biggest cause.
Businesses need to act now to protect their data as working practices change – but they must do so in a way that doesn’t impede employees’ ability to carry out their tasks effectively. For increasing numbers of companies, data encryption is the answer.
Lock it down
Encryption is a process that transforms data so it can’t be read by anyone who isn’t authorised to access it. Introducing a policy that requires all company data to be encrypted, whether it’s being stored or moved, will keep information safe wherever the employee is and whatever device they’re using to access it. The use of encryption is also specifically recommended in Article 32 of GDPR as a means to protect personal data.
Businesses are catching on: two thirds of organisations now hardware-encrypt all information as standard, up from half last year, according to Apricorn’s survey. Hardware encryption is seen as the ‘gold standard’, providing much greater security than software encryption.
Encryption isn’t a silver bullet in itself – it needs to be part of a holistic information security plan that involves policies, tools, and people.
Policies: set out what’s required
The first step to ensuring data is encrypted as standard across the business is to enshrine the requirement in company security policy. In fact, this is a good time to review all security policies and business processes in line with new working practices.
It’s important to identify all of the current risks to data security, and address any ‘gaps’ by updating existing policies or creating new ones. Policies should clearly set out how employees are expected to behave, the security protocols they must apply, and the devices they’re allowed to use and how.
Tools: the USB is back!
Deploying removable storage devices with built-in hardware encryption capabilities will provide employees with a straightforward way to safely and reliably store, transport and share data offline, wherever they happen to be. Secure USB sticks and portable hard drives automatically encrypt all data as an employee writes it to the device, so that even if the device falls into the wrong hands the information on it will be unintelligible.
People: build engagement and accountability
Everyone must understand their specific role in keeping information and the business safe in the new working environment. This means communicating all policies directly to employees, via email or video, and giving them the opportunity to ask questions. They’ll also need to be trained in how to correctly apply encryption techniques, as well as the safe use of any devices and tools they’ve been provided with.
In addition to the practical elements of cybersecurity, employees should be educated in the ‘why’: the reasons data protection is important, and the risks and consequences to the company of a data breach. This will help to improve awareness and personal responsibility.
A cybersecurity plan that has encryption at its heart can help a business defend its data against threats posed by common failures in process and employee mistakes, without compromising on efficiency. It may also help a company mitigate any – potentially hefty – fines from the ICO, by making it easy for a disparate workforce to adhere to regulations.
This is a strange and challenging time for all SMEs – but it’s also a chance to get the foundations in place for a safer, more flexible and more productive working model that will support the business for years to come.
Cybersecurity expert Jon Fielding is managing director, EMEA at Apricorn, which provides secure hardware-encrypted USB drives to companies that require high-level protection for their data at rest. He is responsible for Apricorn’s EMEA sales and operations strategy, driving revenue growth and establishing its channel network. CISSP-certified, Jon has been focused on information security for 19 years, working with organisations ranging from IBM to start-ups including Valicert and Tumbleweed.