
Data encryption

Encryption is the process of converting information or data into a code to prevent unauthorized access. If devices are unencrypted, organizations lose out on the safe harbors that most data breach notification statutes or federal laws provide for data that's encrypted.

What steps should I take to make sure my data is properly encrypted?

Encryption provides a safe harbor only if the password is not compromised, so do not store passwords with an encrypted device, and use long passwords. Protecting a device with a login password alone, however, is not strong enough. The security offered by a password on its own works like a lock on a file cabinet: if someone can break the lock, it’s easy to read what’s in the files. Full (whole) disk encryption also uses a password, but the software generates a secure encryption key from that password and then uses the key to encrypt all the data on the disk, so the entire contents of the disk are unreadable without the key. It’s like encrypting every file in the cabinet: even if the lock is broken, the files can’t be read. Many devices include encryption software by default, although it may not be enabled.

If you purchase a device without encryption already built in, you can purchase third-party software to encrypt it. For example, VeraCrypt, BitLocker, and FileVault 2 can all be used to encrypt devices. For mail and file encryption on the computer, you can sign up for nCrypted Cloud’s free account. If you’re on Windows, BitLocker is a good built-in option. For those without an IT person, one option is to go to Geek Squad at Best Buy for additional assistance. Some additional technical information can be found here.

What can happen if my data is not encrypted properly?

Lost, unencrypted data may result in significant fines and burdensome corrective action plans. For example, the Office for Civil Rights settled two cases in late 2014 involving the loss of unencrypted laptops, which required corrective action plans and payments totaling $1.9 million. Also, last year the Financial Industry Regulatory Authority fined a broker-dealer $225,000 in a case involving an unencrypted laptop lost in a restroom. To put the severity of unencrypted devices into perspective, many state attorneys regard the failure to encrypt as one of the most extreme deficiencies an organization can have. Organizations should weigh the risk of significant fines and penalties if unencrypted data is breached, and should carefully evaluate the likely return on the initial cost of implementing encryption.

Key take-aways:

  1. Encrypting devices is an investment that could save an organization a lot of time and money in the future.
  2. Choose a long password (at least 14 characters). Use a passphrase (a sentence fragment, song lyrics, etc.) to help you remember it. Use a unique password for each service or application.
  3. Be sure to enable the encryption software on a device, if it isn’t already.
  4. Visit here for more information on encryption.
  5. Church Mutual also offers cyber liability protection. Click here for more details.
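The mechanism described above, where the encryption software generates a key from the passphrase and that key, not the passphrase itself, protects the data, together with the 14-character minimum from take-away 2, as an added example that is not from the article and is not the code of VeraCrypt, BitLocker, FileVault 2 or any other product named here. It derives keys with PBKDF2-HMAC-SHA256 from Python's standard library and uses an HMAC-based counter-mode stream cipher with a separate integrity tag as a stand-in for the AES-based modes real disk encryption uses; the iteration count and the 16-byte salt and nonce sizes are assumptions.

```python
import hashlib
import hmac
import os
from typing import Tuple

MIN_PASSPHRASE_LENGTH = 14    # the article's minimum passphrase length
PBKDF2_ITERATIONS = 200_000   # assumption: real products pick their own work factor
SALT_LENGTH = 16              # assumption
NONCE_LENGTH = 16             # assumption
TAG_LENGTH = 32               # HMAC-SHA256 output size


def derive_keys(passphrase: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Turn a passphrase into two 256-bit keys (encryption, integrity).

    The keys are only as strong as the passphrase, so anything shorter than
    the article's 14-character minimum is rejected before any key is made.
    The random salt makes the same passphrase yield different keys on
    different devices, so a precomputed table of keys is useless.
    """
    if len(passphrase) < MIN_PASSPHRASE_LENGTH:
        raise ValueError(f"passphrase must be at least {MIN_PASSPHRASE_LENGTH} characters")
    material = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=64
    )
    return material[:32], material[32:]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Illustrative counter-mode keystream: block i = HMAC(enc_key, nonce || i).
    # Stand-in for the AES-based disk encryption modes used by real products.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(passphrase: str, plaintext: bytes) -> bytes:
    """Return salt || nonce || ciphertext || tag for the given plaintext."""
    salt = os.urandom(SALT_LENGTH)
    nonce = os.urandom(NONCE_LENGTH)
    enc_key, mac_key = derive_keys(passphrase, salt)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def decrypt(passphrase: str, blob: bytes) -> bytes:
    """Recover the plaintext; a wrong passphrase or altered data is rejected."""
    if len(blob) < SALT_LENGTH + NONCE_LENGTH + TAG_LENGTH:
        raise ValueError("blob too short")
    salt = blob[:SALT_LENGTH]
    nonce = blob[SALT_LENGTH:SALT_LENGTH + NONCE_LENGTH]
    ciphertext = blob[SALT_LENGTH + NONCE_LENGTH:-TAG_LENGTH]
    tag = blob[-TAG_LENGTH:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # Constant-time comparison: a wrong passphrase yields a wrong mac_key,
    # so the tag never matches and no garbage plaintext is handed back.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong passphrase or tampered data")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


if __name__ == "__main__":
    # Constructed sample data, not from the article.
    passphrase = "correct horse battery staple"
    blob = encrypt(passphrase, b"patient records for the east clinic")
    print("plaintext visible in blob:", b"patient records" in blob)   # False
    print("decrypted:", decrypt(passphrase, blob))
    try:
        decrypt("not the right passphrase", blob)
    except ValueError as exc:
        print("wrong passphrase:", exc)
```

The point the example makes is the one the article makes with the file cabinet: the lock is the passphrase, but what protects the files is the key derived from it, so a stolen disk gives an attacker only salt, nonce, ciphertext and tag, and a passphrase shorter than the recommended length is refused before it can weaken the key.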

This article is derived from Portable Devices, Portable Data, Beazley Breach Trends (Jun. 2016). © 2016 Beazley Group. Reprinted by permission. BPS_BBR_Church Mutual_2_7/18