Encryption – What You Really Need To Know
In today’s digitally driven world, far too many personal and business devices are left unsecured. These devices don’t leverage strong passwords and fail to have the encryption needed to protect vital data. Whether companies choose to store data in public, private, or hybrid clouds, they should always ensure that the data is encrypted before it leaves their devices or networks. Additionally, when employees think that “this data isn’t important,” they are creating the weak links that hackers need to successfully infiltrate a device (or network) and subsequently steal unencrypted data, upload malware attacks, and otherwise wreak havoc on unsuspecting businesses. Unfortunately, far too many companies fail to understand the importance of encrypting both their devices and their data.
Why Should Businesses Encrypt Devices?
The primary reason that businesses need to encrypt all devices is due to the sensitive data that they hold. Take, for example, Amarillo, Texas which said that one of the companies in charge of a security payroll audit for the city lost a flash drive containing city employees’ names, bank deposit information, birthdays, social security numbers, and addresses. Fortunately, the flash drive was encrypted. However, if the device had been unencrypted, then the story could have been significantly more disastrous, especially when you consider the fact that each of the employees’ files could quickly be sold on the dark web or black market.
Secure Device Configuration
When devices are not correctly configured, then it doesn’t matter if your company has robust security protocols. With this in mind, securing devices is made easier when your business follows these vital steps:
- Lockdown any services, including remote management systems, that you are not using.
- Disable and/or change the default settings on ports.
- Prohibit the use of outdated web technologies. In this vein, Java, NPAI, and Plugins need to be kept up to date to avoid any potential security vulnerabilities.
- Create strong passwords.
- Leverage encryption for any and all business communications, data, and devices.
It is important to note that you must complete all of the above steps. For example, if you use a strong password, but fail to properly encrypt your device, then it could still be subject to theft or hacking attempts. Fortunately, there are three additional steps that you can take to further protect your vital business data and devices.
3 Steps To A Strong Configuration
Securing your essential business data is made easier when you complete the following three steps.
- Strong Passwords And Encryption. — Did you now that in 2017 81 percent of hacking-related breaches were due to stolen (or weak) passwords? In this vein, you must ensure that your employees are following password best practices. For example, the default password should never be used, the password should include both uppercase and lowercase characters, one number and one special character should be used, and the password should be between 8 to 16 characters. In addition to strong device and application passwords, you should always use encryption. It is especially crucial that sensitive data sent via email or stored on the cloud is appropriately encrypted.
- Endpoint Protection. — Endpoint protection will require you to complete plug-in and browser updates, use an up to date anti-virus software, and implement a proven use Data Execution Prevention (DEP) and use Endpoint Threat Detection and Response (ETDR) that has been customized for your business needs.
- Restrict The Number Of Login Attempts. — When an employee has an infinite number of login attempts, then their “strong password,” is made null-and-void. Instead, you should limit the number of login attempts to business devices or networks. As an added level of protection, you should ensure that employees can only access portions of your system from approved devices. After all, if an employee is using a compromised device to access your business network or data, then you are automatically opening the barn door for hackers to come in and wreak havoc as they decide what information they want to steal and inevitably sell.
The Bottom Line: Take The Steps Needed To Encrypt Data And Devices
If you want to ensure that your business data, devices, and networks remain secure, then you need to use the proper encryption methods. In addition to data and device encryption, you should also ensure that all devices have been appropriately configured. In conclusion, through endpoint protection, a restricted number of login attempts, secure passwords, and encryption best tactics, you can keep your vital business data safe from hacking attempts.