When You Need to Encrypt Your Backups
by Bridget.Giacinto, on Nov 16, 2015 2:14:20 AM
For many small businesses, being able to back up and protect their sensitive information has become a major priority. Encryption is one method of security that's increasingly being considered, as it encodes data and provides only authorized users with the decryption key to ensure your records stay safe. However, encryption may not be the answer for every scenario or document an organization has. Let's take a look at a few situations where encryption for your backups will be essential:
1. Regulated industry information
If you're in a sector that has industry standards to follow, it's likely that you will need encryption. For example, health care information falls under HIPAA protection. Nearly all organizations must adhere to the PCI DSS regulations, as it details methods to keep credit and debit card data as well as other financial information secure. The Register contributor Andrew Buss noted that the loss or leakage of such data has the potential to draw large financial penalties, making it significantly harder to recover. You can stay compliant with these regulations by using encryption to ensure that only authorized users can view the records, adding an extra layer of security.
2. Valuable, lucrative data
"Burglars and hackers understand the potential value of your information."
As a business, you have a lot of documents and data that isn't just important to you - if it fell into the wrong hands, it could significantly damage your reputation and customer loyalty. Burglars and hackers understand the potential value of your information, and are increasingly targeting organizations across all industries to get it. A report by Dell SecureWorks found that health records are valued at $50 per record, while bank credentials go for over $1,000 on the dark Web. If you have your backups stored on tapes, hard drives, a personal laptop, etc., all of these items could be easily intercepted and turned into a large payday for the criminal. Not only that, but the thief may also resell the hardware for additional value.
This all can sound overwhelming, but there are steps you can take to prevent these types of situations. Network Computing contributor David Hill noted that encrypting your most sensitive data on these devices will keep malicious parties from using your information for their own gain. Someone would have a difficult time accessing the coded data, and ultimately prevent you from incurring hefty losses associated with a breach.
3. Employee error
Data security threats aren't confined to external sources alone - your own staff could become the cause of a data breach. It's become clearer that employees unwittingly click on malicious links and reveal information - whether on accident or on purpose. Small Business Computing contributor Paul Mah gave the example of an experiment where flash drives were deliberately dropped in company parking lots. Many of them were then picked up and accessed using company computers. By using encryption, your organization will have peace of mind that your data is safe from unauthorized users internally and externally.
"Ultimately, it is far easier to adopt secure data storage practices - such as data encryption - from day one, than to do so only after a devastating security breach or leakage," Mah wrote. "Forming good security habits today will serve you well long into the future."