Encryption is a powerful way to protect information. Here we look at what encryption actually is and whether it’s really necessary.
What is encryption?
Encryption is a way of encoding data or messages to protect them from data theft and other unauthorised access. In simple terms, encryption programs scramble data so that it can only be read with the use of a decryption key (a secret code or password). If encrypted messages are intercepted, or if encrypted data is accessed without authority, the information cannot be deciphered by the unauthorised user.
The right encryption in the right places can help you protect against losing personal information – even if you lose an encrypted device, the information is protected against access because only the decryption key holder can read the device.
Why use encryption?
Encryption is listed in the data protection regulations as a ‘suitable technology’ for protecting personal information. Many companies have been prosecuted and fined for losing data on computers, phones and USB memory sticks and they could have prevented it by simply encrypting those devices.
Another example where encryption is useful is when sending emails to other companies, individuals and clients. Emails are easy to intercept and read but if the sensitive attachments are encrypted then they are safe from prying eyes. The difficulty with this approach is that the email recipient must already have a ‘decryption’ password to unlock the file. The first and most important lesson in encryption is to never send the password in the same email! If your emails are being intercepted, there’s a high chance the password would be intercepted this way too.
Does encryption work?
While encryption is an excellent tool, like all tools it’s only effective when used properly. If you use encryption, make sure that your team are using encryption systems properly and not saving information outside of your safe encrypted areas (for example – that they’re not using their own unencrypted USB memory sticks).
You must also be careful when sharing encrypted information with other companies. How can you be sure that they are controlling access to the decryption password you’ve given them? You may still be responsible for information that you have shared with those companies so make sure they have the right approach to keeping encrypted information protected.
Encryption does work but as with many aspects of data protection, encryption is only as good as the people using it (or bypassing it). It’s important to train your team in effective encryption and ensure it is being used properly.
How to get started with encryption
Many computer and smartphone systems already support encryption, but you might need to activate it. It’s usually straightforward, although you may need to pay a little extra (for example, Windows computers can use encryption if you have the Professional version but not the Home version).
Talk with your IT provider about encryption on any storage systems you use and how to protect information when it is being sent outside your company. One simple way is to set up a ‘locked folder’ that you share with a client. That way, you’re not actually sending the information – only a link to it.
A good example of an encrypted file sharing system is SmartVault. This system makes sharing encrypted files easy for you, your employees and your customers.