Encryption Is The First Step In Your Cybersecurity Strategy
Every day, we are creating and sharing data at an astounding rate. With each email, text, tweet, tap and stream, more data is available for companies to collect and use, and without sufficient protections, for hackers to exploit.
The collective sum of global data is predicted to grow from 33 zettabytes (33 trillion gigabytes) in 2018 to 175 zettabytes in 2025, according to a report from IDC and Seagate. As the vast amount of consumer data continues to grow each year, so does the prevalence of data breaches. Research from the Identity Theft Resource Center indicates that the number of reported U.S. data breaches in 2019 rose 17% from the previous year.
Your company needs a robust and continuously updated cybersecurity strategy. Within this plan, encryption is the key component to prevent data breaches and remain compliant with data privacy regulations.
Data should be encrypted at all times, both in transit and at rest, to protect against cyberattacks. Data in transit refers to the transfer of data between endpoints, and data at rest refers to data that is stored in a database. If your consumer data is compromised, this measure can mean the difference between a devastating breach of personally identifiable information (PII) and the release of unintelligible ciphertext. Encryption can save your business from paying substantial non-compliance penalties and preserve the trust you have established with your customers.
How Encryption Adheres To Privacy Regulations
Regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) recognize encryption as an important factor in securing private user data.
• GDPR’s Article 32, “Security of Processing,” includes encryption as an appropriate technical measure to mitigate security risks and protect data.
• The CCPA doesn’t specify guidelines on encryption, but fines associated with data breaches may be waived if data is encrypted and can’t be revealed without the decryption key.
• The Health Insurance Portability and Accountability Act (HIPAA) requires organizations to put safeguards in place to protect patient information, such as encryption or an equivalent alternative.
• Other data privacy regulations – including the Federal Information Processing Standards (FIPS), Payment Card Industry (PCI) and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) – require data cryptography measures and carry sizable fines for non-compliance.
Encryption doesn’t absolve companies of their responsibilities to secure consumer data, but it does reduce penalties and risks associated with compliance.
5 Ways To Improve Your Encryption System
Here are a few best practices you can implement in your organization to strengthen data encryption and minimize security vulnerabilities:
1. Use A Zero Trust Model
Build your entire infrastructure and network on a zero trust framework – a security concept that helps prevent breaches by verifying everyone and everything that requests access to data. Use encryption keys and certificates that rotate with a set frequency, such as every day, to defend against any data leaks and keep secure encryption within the network.
2. Keep Encryption Algorithms Up-To-Date
Use the latest encryption algorithms for data. Older algorithms are easier for hackers to decipher.
3. Diversify Key Storage
Don’t store encryption keys, decryption keys and encrypted data in one location. This leaves your information vulnerable to breaches.
4. Use One-Way Hash Functions
For highly sensitive information such as secret keys, passwords, PIN and security questions, run a one-way hash function on the message with a cryptographic key. This ensures that it is nearly impossible to reveal the original message without proper authentication.
5. Share Security Responsibility
If your company works with a cloud provider, verify that they are following your security framework. The control of encryption keys is a shared responsibility, and the safety of your data depends on their adherence to strict security policies.
Data encryption is an essential piece of your company’s cybersecurity strategy. As governments put new regulations into practice and data breaches become widespread, encryption is a necessity as you minimize risks, build trust and stay compliant.
Originally published with Forbes