Do you need to encrypt your data?

If you lose your laptop or mobile device, will your sensitive data be safe?  By now everyone should have heard about the General Data Protection Regulation or GDPR. It is an update to the current Data Protection Act. One of the main requirements of the GDPR is that each organisation has a Data Protection Policy that adheres to best security practices. Technology can help establishments work to these best practices.

An area of technology that can help is encryption. Encryption is the process where your data becomes unreadable unless a key is used to unlock the data. Since you control who has access to the keys you can feel confident on who can read your data. Encryption is more secure than password protecting your data because it is impossible to hack into your data without the key.

There are three main encryption technologies:

1. Full Disk Encryption.
2. File Encryption.
3. Email Encryption.

Full disk encryption is particularly useful for laptops although can also be applied to desktop devices. The reason why encryption is considered particularly useful on laptops is the ease in which they can be mislaid or stolen. If you lose your laptop you can be confident no one can have unauthorised access to your data without the encryption key. Windows 10 and the Apple Mac both have built in disk encryption technology however managing the keys of several devices can be simplified with tools like Sophos Safeguard Encryption.

File encryption as the name implies only encrypts files that may contain personal or sensitive information such as your ‘My Documents’, removable drives (USB), network drives or cloud storage such as OneDrive or Dropbox. With the advent of low cost USB drives and Cloud storage file encryption is gaining in popularity.

Email encryption ensures that only the recipient of your message can read what you have sent, and the message is encrypted in transit so it cannot be intercepted and when received the recipient must have the encryption key to read the message. Several vendors provide email encryption, Microsoft Azure Rights Management adds a further layer of security by adding document controls such as restricting the recipients ability to print or forward the encrypted documents.

Encryption should be considered as an important part of your security policy. You may just want a solution that is built into your operating system like Windows BitDefender, or a component of Office 365 such as Azure Rights Management or a solution that fits into an integrated synchronized security solution such as Sophos Central. Whatever your requirements call Pugh to see how we can help.