Encrypting in small business: Why remote workers need protecting

Written by Guest Contributor - IT Security Specialist Andrew Pugh, Jul 17, 2019

In a business environment where cybercrime continues to pose a real danger to businesses of all sizes, paying close attention to how data and devices are protected is now of paramount importance.

There has perhaps never been a more important time to look at encryption strategies. Government research from last year revealed that 43% of businesses have identified security breaches in their systems in the last 12 months. Some of the most common attacks included staff receiving fraudulent emails (75% of those breached), individuals impersonating the organisation online (28%) and viruses and malware (24%). What's more, security breaches on average cost organisations £894 per incident over the past year.

Desktop PCs and servers generally use high levels of encryption. However, mobile digital devices often use reduced levels of encrypted security, if indeed they use any encryption at all. According to Sophos, only a third of businesses encrypt the smartphones and tablets that employees use.


Research shows that the majority of businesses do not employ effective encryption policies for mobile devices

Then there's the cloud to consider, which because of its increase in popularity has become a bigger target for cyber crime. Over time, businesses have slowly handed over the responsibility for encrypting data to service providers that are themselves becoming a favoured target for cyber criminals.

Businesses understand that their customer data, in particular, must be encrypted. Highly regulated industries, such as financial services, have long used strong encryption to meet their compliance responsibilities, with other sectors reacting to high-profile security breaches by enhancing their use of encryption tools and protocols.

For example, the Payment Card Industry Data Security Standard (PCI DSS) has strict requirements on how merchants need to employ encryption to protect stored cardholder data. The Data Protection Act 2018 and GDPR both make it mandatory that businesses take practical steps to protect customer data. This also applies to destroying data.

Data dispersal

However, companies are seeing that work is changing and that modern workplace practices, such as remote working, are creating new challenges when it comes to protecting data. Many businesses have employees who work from remote locations and out in the field and who still require secure lines of communication to the office.

Some technologies, such as virtual private networks (VPNs) that use built-in encryption protocols, have now become more commonplace, particularly across the small business community, because of their relatively low cost and efficient deployment.

But having employees working in several locations at the same time is often a "barrier to a successful encryption strategy", according to findings from the Ponemon Institute's 2019 Global Encryption Trends report, with many businesses unable to pinpoint where their sensitive data resides.

Some 69% of those surveyed said that data discovery was their biggest weakness when it came to encrypting data, 42% found difficulties when first deploying new technologies, and 32% said they find it hard to identify which data it was most important to encrypt.

Many businesses already use SSL to encrypt data as it is transmitted

Even where businesses do have encryption policies in place, these often fail to fully protect data once it has been transmitted to remote workers outside of the organisation's firewall.

Despite there being an abundance of security tools available for businesses of all sizes, many of these are "off-putting to small businesses" as they are not easy to integrate with existing applications and require extra time and resources, which hits small businesses the hardest.



Understanding the basics

Despite the challenge facing small businesses, it's possible to simplify the process of encryption, provided you have a well-defined and communicated policy across your business. Data is now your business's most precious commodity, and it must be protected.

The Ponemon Institute research found that 44% of businesses performed encryption on-premise before sending data to the cloud, using keys their organisation generates and manages. However, 35% of respondents perform this encryption in the cloud, with cloud providers generating and managing those keys. Some 21% of respondents are using some form of Bring Your Own Key (BYOK) approach.

The quality of any encryption policy is dependent on how keys are handled

Regardless of the favoured approach to encryption, there are basic steps that all businesses should be taking. Encryption is no longer an additional expense; it's something you can enable on most new devices these days.

A password on a laptop doesn't make the data secure; it helps, but it is by no means a robust solution. BitLocker is a secure option on Windows 10 laptops, as is FileVault on Macs. Neither OS enables these encryption methods by default, so that is a good place to start.

Encryption can be turned into a fairly straightforward exercise for small businesses, but you should be aware of the added restrictions it could place on day-to-day operations.

Most commercial encryption software is suitable for small business use, or its vendor has a product that is.

For email encryption, both sender and receiver must operate the same encryption standard, which can lead to complications when dealing with other organisations who operate different systems.


How to use encryption

Having a full understanding of the data landscape across your enterprise will help you figure out what types of encryption you need. When data is at rest, stored on hard drives, servers or mobile devices for instance, file or full drive encryption should be considered.

It's when data is in motion that encryption becomes even more vital. When data moves over your business's network or out onto the wider internet, it must have some form of encryption. It's likely your business has continued to expand its use of the cloud in some capacity and is probably developing hybrid cloud deployments. If that's the case, data must be encrypted at rest as well as when it's being transmitted.

Encryption should be considered an essential element, and it provides a first technical step in compliance programs. Encrypted communications, such as TLS (Transport Layer Security), provide a strong control.

Data-at-rest encryption is more challenging, because the layer at which it is deployed determines how much protection it provides - it's but a small part of a larger control set that includes monitoring and access control. Also, encryption key management for data-at-rest encryption is a critical element, because losing the keys means losing the data.
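
The point about keys can be seen in a short example added here (it is not part of the original article): data is encrypted on-premise with keys the business generates and manages, and the same file becomes unreadable once the key is gone. It uses Node.js's built-in crypto module; the function names and the sample record are constructed for illustration.

```javascript
// Added example: envelope encryption with Node.js's built-in crypto module.
// Function names (encryptForUpload, decryptDownload, recoverable) are hypothetical.
const nodeCrypto = require('crypto');

// AES-256-GCM seal: returns nonce, ciphertext and authentication tag together.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// AES-256-GCM open: throws if the key is wrong or the data was altered.
function open(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Encrypt before upload: a one-off data key protects the file, and the
// key-encryption key (KEK), which stays with the business, wraps the data key.
function encryptForUpload(kek, plaintext) {
  const dataKey = nodeCrypto.randomBytes(32);
  return { wrappedKey: seal(kek, dataKey), body: seal(dataKey, plaintext) };
}

// Decrypt after download: unwrap the data key with the KEK, then open the body.
function decryptDownload(kek, blob) {
  const dataKey = open(kek, blob.wrappedKey);
  return open(dataKey, blob.body);
}

// True only if the blob can still be read with the KEK that is supplied.
function recoverable(kek, blob) {
  try { decryptDownload(kek, blob); return true; } catch (e) { return false; }
}

// Constructed sample record, not real customer data.
const kek = nodeCrypto.randomBytes(32);
const blob = encryptForUpload(kek, Buffer.from('constructed sample: customer ledger'));
console.log('with the KEK:', decryptDownload(kek, blob).toString());
console.log('with any other key, readable:', recoverable(nodeCrypto.randomBytes(32), blob));
```

Only the KEK needs backing up and access-controlling; everything stored with the provider is ciphertext plus a wrapped data key.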


Employees are often the weakest link in data handling

Of course, the quality of any encryption policy comes down to how keys are generated, applied and managed. For larger businesses, this is somewhat of an easier task despite the quantity of data that needs to be encrypted. Cryptography is often managed by in-house experts equipped with the right equipment.

But these resources are not something that's typically available to small businesses, and investing in in-house expertise isn't usually a priority when it comes to spending. As a small business, you'll likely find yourself working more closely with service providers. However, if you don't like that option, you can call upon key management products that are provided as a service. These tend to give you more control over encryption keys, but still need time and effort to maintain full control unless you have the resources to do so.

What has become clear for all business owners is encryption must form a fundamental component of their data security policies. Where data is stored, who has access and, importantly, how data is protected when in transit and at rest, all require strong encryption protocols.

The use of mobile devices has also moved the perimeter of the security environment businesses have to manage outside of the control of their premises. Ensuring all data communications use strong encryption is now critical to data protection; remember that the legally binding GDPR requirements are always in play now.

All too often data is lost and security is compromised by employees, so it's always best to ensure your business has detailed and ongoing education and training that encompasses the encryption tools used to keep your business data secure.
