Scared of a Data Breach? Time to Act
Increase in Data Breaches
With the growing digitalisation of companies and enterprises over the past years, the number of cyber attacks has increased accordingly.
A study by the University of Maryland reveals that every 39 seconds, a cyber attack occurs. In most cases, hackers target common usernames and passwords to gain access to users' computers and the sensitive data stored on them.
During the pandemic, many companies have shifted to remote work to ensure a safe work environment for their employees. Most are working from home for the first time ever and are not fully familiar with their new work environment. Thus, the risk of becoming a victim of cyber attacks rises and companies become more vulnerable to unauthorised access and data breaches. This also poses a major challenge to IT specialists and administrators of companies, as they must find a solution that protects sensitive company data but is also easy to use for employees with little IT knowledge.
Becoming a victim of a data breach is not only embarrassing, but also costly. According to IBM’s Report on Cost of Data Breach 2020, the average global cost of a data breach stands at $3.86bn. Furthermore, if a company suffers a data breach, they must inform the authorities and concerned individuals according to the UK GDPR. This could lead to a negative reputation, high fees, and loss of trust from customers, amongst other things.
Data Protection – Nothing to Hide?
Some companies and individuals do not treat data protection as a priority, since they claim they have nothing to hide and are not interesting enough to be attacked by hackers or spied on. In fact, Varonis reported that only 5% of a company’s folders are protected from unauthorised access. (Source: Varonis 2019 Global Data Risk Report)
Every business has information they do not want to be made public; from company secrets that make their products unique or showcase future innovations, to sensitive data of customers and employees. Everyone has something worth protecting from the eyes of unauthorised third parties.
With an increasing number of employees working from home, companies are challenged to find a solution for collaboration amongst colleagues that is efficient and at the same time secure. Cloud computing has grown in popularity, especially in the past year. Companies can benefit from the flexibility, easy integration, reduced costs, and many other advantages of working with clouds.
However, while working with cloud providers can be convenient, it could come at a price. Cyber attacks and thus data breaches have seen a significant rise. When working with clouds, companies will have to hand over some control over their data. Additionally, if the company takes no precautions itself, it must trust its cloud provider to handle the sensitive data carefully and keep it secure.
Businesses handling customer data from European citizens have to comply with the European General Data Protection Regulation (GDPR). Here, a strong focus lies on the conscious protection of customers’ personal data when storing and processing it. However, it should also be considered that most major cloud storage providers, like Microsoft, Google or Dropbox, are based in the U.S. and must comply with U.S. laws. According to these laws, American cloud storage providers are obligated to grant governments and authorities insight into their customers’ data, if a valid reason exists. When exactly a reason is valid is not specified in further detail.
The GDPR requires companies to protect sensitive personal data from unauthorised access and to have full knowledge of who exactly has access to this data. Additionally, the responsibility for ensuring that the data is securely handled and protected cannot be transferred to the cloud provider but must be borne by the company that owns the personal data.
It is evident that every business has data that must be protected and securely stored. However, not all businesses know how to protect data in compliance with the strict GDPR.
The Key to Strong Security: Encryption
A solution to this problem can be the use of encryption when handling personal data, whereby solely the companies themselves hold the key to access and decrypt it.
In fact, encryption tools have seen a rise in popularity over the years. According to a survey carried out by the Ponemon Institute, around 48% of companies followed an encryption strategy. However, over half of the companies’ data is left exposed and possibly unprotected. (Source: CSO Online)
Encryption tools provide peace of mind by adding a further layer of protection – regardless of the cloud storage provider’s existing security measures. With encryption, unauthorised persons cannot gain access to sensitive files since only the company itself holds the key for decryption. Potential attackers would not see any information in plain text and only be left with scrambled words.
Cryptographic algorithms behind encryption tools can include symmetric encryption like the Advanced Encryption Standard (AES) and asymmetric encryption such as RSA. Cracking a state-of-the-art 256-bit AES symmetric key through brute force, for example, would take longer than the presumed age of the universe. (Source: ScramBox)
Besides strong data protection, it is also important that the encryption tool offers employees secure collaboration throughout the company. This way, files are stored and processed as securely as possible, without affecting the workflow. Nevertheless, not all encryption solutions are the same and offer the same standards. We strongly recommend choosing a solution that offers end-to-end encryption with zero knowledge standard so that nobody but yourself has access to your files.
“End-to-end encryption means that files are encrypted on the user’s device before they are sent to the cloud provider as well as any other place you want to store them, e.g. USB, file server, NAS. Zero knowledge means that only the user knows the password, only he has the key to decrypt the data.”
End-to-end encryption of a word document before it is synchronised to a cloud storage
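The client-side flow described above (encrypt on the device, store only ciphertext, key known only to the user), as an added Node.js example that is not part of the original article and not the code of any product it names. The function names, blob layout, scrypt parameters and sample data are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;

// Derive the 256-bit AES key from the password on the device.
// The scrypt cost parameters are illustrative assumptions.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// Runs locally. The returned blob (salt | iv | tag | ciphertext) is the only
// thing handed to the cloud, USB stick, file server or NAS.
function encryptForUpload(plaintext, password) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN); // fresh nonce for every file
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv,
    { authTagLength: TAG_LEN });
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Runs locally after download. Throws if the password is wrong or the blob
// was modified while stored, because the GCM tag no longer verifies.
function decryptAfterDownload(blob, password) {
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error('blob too short');
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const body = blob.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv,
    { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

function canDecrypt(blob, password) {
  try { decryptAfterDownload(blob, password); return true; } catch { return false; }
}

// Constructed sample document and password.
const doc = Buffer.from('Constructed sample: customer list, draft v3', 'utf8');
const stored = encryptForUpload(doc, 'constructed-sample-passphrase');
console.log('provider stores:', stored.toString('hex').slice(0, 48) + '...');
console.log('round trip ok:', decryptAfterDownload(stored, 'constructed-sample-passphrase').equals(doc));
console.log('wrong password accepted:', canDecrypt(stored, 'guess'));
```

Because the key exists only where the password is typed, losing the password means losing the file, which is why the key-management questions later in the article matter.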
With encryption, companies automatically comply with many legal and industry restrictions. Additionally, encryption is a technical and organisational measure to protect sensitive business data according to Article 32 of the GDPR.
“Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) pseudonymisation and encryption of personal data”
In case of a data breach within your company, it will not be regarded as a data breach incident if the use of encryption can be proven. Even if data was stolen, the attacker would have no way of viewing the information in an encrypted state. Without authorised access, all you are left with is scrambled data.
Besides high protection standards, the encryption solution should be easy to use and not negatively affect current workflows. This will ensure that all your employees are on board and will actively use encryption to keep data within the company secure.
Encryption in Enterprises: Simple and Secure
Enterprises can benefit from existing encryption solutions on the market. Through the software solution, employees can collaborate securely without disrupting their current workflow. Furthermore, not only working with internal, but also external business contacts is possible. With the help of customisable policies, employees will only be granted access to files and folders that are required for their work.
When comparing individual encryption solutions for your business, there are a few things to keep in mind. Here are some examples:
- Encryption: Are public encryption methods (e.g., AES, RSA) used?
- Key Management: Are you the only one who can decrypt files? Can you access company files in case of an emergency, even if the password is lost?
- Flexibility: Does the encryption solution work for different storage locations like cloud storage, USB storage devices, hard drives, or file servers?
- Usability: Is it an intuitive, simple application?
- Additional security features: Are there further security features like Two-factor Authentication?
Once you have chosen and implemented the encryption solution that suits your needs, your data will always stay protected from unauthorised access and data breaches. We are sure that your Data Protection Officer will have some peace of mind as well!
With the help of encryption software, your company can realise cloud security that is compliant with privacy regulations.
Screenshot of the encryption solution Boxcryptor: Intuitive, simple user interface