Data security is the BIG issue

By Check Point Software Technologies | Jul 26, 2010

The loss of laptops, memory sticks, smartphones and other portable equipment storing private information is often inevitable; therefore, having an encryption solution on these devices is paramount to the security of today’s mobile society.

The criminal population has changed its efforts from the traditional means of stealing to a more tech-savvy method of stealing data from organizations and agencies for monetary and personal gain. Over the past few years, data breach occurrences are widely publicized as new laws have been created and public awareness of these types of crimes have increaed.

Taking a proactive approach
Government agencies need to take a proactive approach to data security by encrypting and protecting all corporate data. Deploying data encryption solutions to protect both “data at rest” and “in transit”, and doing so on all company endpoints, is an example of taking a proactive approach to data security.

If your organization’s encryption solutions are inconsistent and don’t encrypt all devices and data within that organization, then your network and information aren’t secure and your organization is at risk.

For example, in the USA, the Identity Theft Resource Center reported in 2008 that only 2.4% of the devices that encountered a data breach had encryption or other strong protection method in use, and only 8.5% of reported breaches had password protection. It is obvious that the bulk of leaked data was unprotected by either encryption or passwords.

Implementation flaws undermine security efforts
Implementation of a data security policy and deployment of encryption solutions are major factors in how secure an organization’s data is from outside threats and hackers. A common factor in the data breaches that have been occurring over the past few years is that organizations do not have an agency-wide data encryption policy rolled out.

They may have some of their computers secured with an encryption solution, but the remaining computers are without, thus leaving a window of vulnerability. The vast majority of the data breaches found on ITRC’s 2008 report result from lost or stolen laptops.  These could have been easily prevented if proper encryption solutions were in place.

Invest on encryption to save
Organizations are fraught with security concerns revolving around where data is encrypted and how it is protected as it flows both inside and outside the organization. When a company encounters a data breach it is extremely damaging, time consuming and expensive. If data is encrypted, the organization’s risk has been far reduced.

Investing in encryption and being proactive about securing data is a far wiser decision than taking a reactive approach and trying to mend and repair a corporation and its integrity after a data breach occurrence.

The cost to deploy encryption on all seats in an enterprise may cost a company a few thousand, while a data breach can cost the company millions. In order to protect sensitive corporate data, encryption is the best way to do so.

Sensitive information are high targets
For a number of vertical industries like finance, government, retail and health care, a large amount of sensitive, personal client information is transferred over the cloud or stored on laptops and computers. Without a proactive info-centric security approach this data can be intercepted and used for malicious and/or monetary gain.

Based on ITRC’s categorization, the 2008 breaches break down as follows: 12.7% government/military agencies, 18.3% educational institutions, 30.6% general businesses, 10.8% medical/health care facilities, and 9.9% banking /credit/financial services entities. 

Mandatory encryption may stem the leak
According to ITRC’s 2008 Data Breach report there was a total of 540 electronic data breach occurrences with over 35 million records exposed. That number is alarming and implies that personal social security numbers, credit card numbers and other private information is floating around in public.

Encryption should be made mandatory on all company endpoints and removable devices in order to combat against the growing data breach trend. As more organizations become familiar with encryption practices and its benefits, the market will see a progression towards its adoption.

Internal data breaches commonplace
Another concern associated with the loss of proprietary company data can be a result of the employees themselves. With the current state of the economy and many people being laid off, the risk of disgruntled employees stealing data outside of the secure perimeter increases.

Organizations and agencies alike can prevent this occurrence by deploying media encryption solutions, which can allow organizations to lock down any ports on laptop or desk computers to prevent the use of all external media such as USB flash drives, IPods, CD/DVD’s, or alternatively white-list and blacklist external media. Only designated media devices can have data downloaded onto them. 

The importance of encrypting data is readily known, but most organizations don’t react until a serious security loophole has been identified and a data breach has already occurred. Why work to repair an exploit, when you can deploy encryption to protect it from occurring? All of these techniques will bolster the security of an organization and decrease their susceptibility of becoming the next big data breach victim.

This is a contributed article by Check Point Software Technologies