Blog

Importance of Encryption

The word encryption comes from the Greek word Kryptos, meaning hidden or secret. According to wikipedia “encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor.” Why would a company want to encrypt their data or communications; Well starting from the simplest is to avoid the data being read by the wrong person accidentally, to protecting sensitive confidential personal /financial data from malicious attacks.

Email is the default form of business communication, both internal and external. It is so critical in business today, and this is shown by a study by the Huffpost Tech, U.S. white collar workers spend 6.3 hours a day checking email. Email goes through a number of routers, servers, proxies, until it arrives at its final destination, during which it is at risk of an attack. Sent unencrypted anyone with an intent can intercept and read, modify or even block the email, since it is in plain text. According to a 2015 email statistic report by Radicati group, (a technology market research firm), there are 205 billion emails send and received daily, according to Google between 40-50% of emails sent between Gmail and other e-mail providers are not encrypted. Translating the aforementioned to all email providers and email servers we can assume that approximately 100 billion emails are prone to attack from hackers. There are a number of software/technologies that can encrypt emails both where stored, as well as, in transit and the cost is not dissuasive.

In the same way as email encryption works, we can proceed to encrypt files, folders or even our entire disks. It is usually common advice to encrypt everything, but the average users don’t really need to encrypt everything. Some examples of where encryption would actually help are:

If your laptop is lost or stolen

Sensitive data can be protected if the laptops’ disk is encrypted. Chances are that if your laptop is stolen the thief most probably wants the actual laptop rather than the data on it; But still there are numerous cases that the laptop holds either company sensitive information or even personal information such as passwords etc…

Storing Sensitive data online

For the average user storing data online the security features and even encryptions used are adequate, but for professionals in industries which are regulated they should address certain considerations. Considerations such as, is the vendor secure enough to earn a professional users trust? What is the security in regards to granular controls? Is it secure enough to mitigate user mistakes? Does security comply with regulations?

Business Policies

This is purely to comply with companies’ policies, they are put in place to avoid becoming one of those companies we hear on the news that a company’s laptop was stolen with a database of thousands if not millions of customers and all their details including financial records. Of course this is what should be encrypted in the first place!
Encryption is a must, especially in this digital era or travelling professionals and malicious attackers lurking on every corner. Implementing encryption either on emails / files or entire laptops is quite easy and the cost vs the risk is quite low to justify implementing it.
The real question is what do I need to encrypt? Do I need to encrypt everything? What is considered Sensitive data for me or my company?

George Agathangelou
Professional Services Director
MCTS, MCSA, CCSE, CITM, DCUCSS, RSA CCE
HP-ASE, HP-APS, HP-ASP, STS, VSP, VTSP