Encryption best Practices: Dos and Don’ts of Encryption

Encryption best Practices: Dos and Don’ts of Encryption
Page content

Data pilferage is on the rise, despite scrutinized corporate environments, tremendous amount of effort and after having spent lots of money on ensuring that it doesn’t happen. The Identity Theft Resource Center( ITRC) predicted that the total number of data breaches that occurred in 2008 was about 342, and has sky-rocketed in comparison to figures which were about 70% lesser in the year 2007.

Encryption has always been the classic choice when it comes to data protection in companies and this method is by far, one of the oldest methods of coding important messages to help preventing it from being viewed by unwanted and prying eyes. Especially Online, Encryption takes a special importance because of the fact that Internet itself is rather unreliable and thanks to increasing attacks on line. Owing to its importance pertaining to Internet Security, here are a few dos and don’ts on encryption:

Do:

- You must realize that about 85% of the data loss is accidental, as was reported by Osterman Research. Hence, the solution you deploy must be totally fool proof and must be able to check these so called accidents too.

- Encryption must be able to be employed enterprise-wide and must be able to be rendered across function types. For instance, while it can be predominantly used to send email messages to and fro, it must also be able to work across all email platforms – the corporate mail platforms, the private ones like yahoo, hotmail and gmail. It must also be extensible to blackberry and other mobile devices.

- Have systems in place that can revoke former employee access to any of the corporate data. It so happens that the data that has been copied before their departure can be revoked, if so, go full steam ahead and do it.

Don’t

- Think that you are secure with an anti-virus package or a firewall. Even if you have IDS (Intrusion Detection System), you are fishing in a dry pond. Encryption is something else altogether while the above mentioned systems do something else.

- Look for saving money when it comes to implementing encryption technology. No money can equal the embarrassment of having lost confidential information from your company’s network. Even worse, if that data is sensitive ( like customers’ financial information)