You Have Nothing to Hide? We think you do!
$4.24m — The global average total cost of a data breach
According to a study from IBM, the average total cost of a data breach has seen a global increase of over 11% since 2015. With companies shifting towards remote work and an increase in digitalization due to the global pandemic, the number of cyber-attacks rose by 9.8% in the past year alone. (Source: IBM Cost of a Data Breach Report 2021)
IBM’s study also revealed that the Middle East ranks second for the highest data breach costs. With an average of $6.93m per data breach, it still ranks behind the US but is way above the global average. One of the top reasons for data breaches in companies, especially since 2020, still involves a company’s employees. Though most remote workers claim to be more conscious about cyber security since working from home, not all of them act accordingly. According to a survey by Trend Micro, 77% of employees admit to using their work laptops for private purposes.
Additionally, over 45% admitted to working with company data from personal devices. This results in companies becoming more vulnerable to cyber-attacks and data breaches. At the same time, IT specialists and administrators of companies and enterprises must find a way to protect sensitive company data, while ensuring easy usability for employees without deep IT knowledge.
Data breaches are not only costly but also rather embarrassing. Companies falling victim to data breaches must notify the authorities and individuals concerned according to the GDPR. This does not only result in high fees, but also loss of trust from customers and a negative reputation, amongst other things.
Data Protection – not interesting enough for an attack?
Most companies and individuals do not prioritize data protection, as they do not feel interesting enough for cyber-attacks and espionage by hackers. The most common argument amongst businesses and individuals is that they have nothing to hide. However, they should keep in mind that even data that seems uninteresting to them can suddenly be worth a great deal in the hands of others and cause a lot of damage. In fact, Varonis reported that only 5% of a company’s folders are protected from unauthorized access. (Source: Varonis 2019 Global Data Risk Report)
However, every individual and company has something they would prefer to stay private. This includes company secrets, as well as key information behind their products or future innovations. The privacy of customers, suppliers, and employees should also be considered and secured. We all have something worth protecting from the eyes of unauthorized third parties.
As traditional work environments shift to offices at home, companies have to face the challenge of finding an efficient solution for data protection that does not interfere with collaboration amongst colleagues. Especially in the last year, cloud services grew in popularity. Working with clouds offers companies benefits such as higher flexibility, easy integration, reduced costs, as well as many other advantages.
However, the convenience of working with cloud providers comes at a price. By entrusting company data to a cloud, companies give up direct control over it. Thus, if the company takes no precautions itself, it has to trust its cloud provider to keep sensitive data and information secure and to handle it carefully.
Although the Kingdom of Saudi Arabia (KSA) currently does not have dedicated data protection legislation in place, it may still fall subject to the General Data Protection Regulation of the European Union (EU-GDPR) when handling data of European citizens. Here, the conscious protection of customers’ personal data while processing and storing it is of top priority.
Additionally, most major cloud storage providers, like Microsoft, Google, or Dropbox, are based in the U.S. and thus must obey and comply with U.S. laws. These regulations include the obligation to grant governments and authorities an insight into their customers’ data if a valid reason exists. However, it is not clearly specified when a reason is considered as valid.
According to the EU-GDPR, companies must protect sensitive personal data from unauthorized access and have full knowledge of who has access to this data. Furthermore, the companies themselves are responsible for the secure handling and protection of customer data. The responsibility cannot be transferred to the cloud providers, as they do not own the personal data.
In conclusion, it can be seen that every company and enterprise has data that needs to be protected and securely stored. However, not all businesses know how they can protect data in compliance with the strict rules of the GDPR.
Encryption: The Key to Strong Security
Using encryption can be a suitable solution for companies when handling personal data, since they alone hold the key to access and decrypt this sensitive information.
Over the years, more companies have benefited from the use of encryption as it has seen a rise in popularity. A survey by the Ponemon Institute revealed that around 48% of companies actively use encryption. However, over half of the companies’ data is still left exposed and possibly unprotected from unauthorized access. (Source: CSO Online)
With encryption tools, Data Privacy Officers and CEOs in companies can enjoy peace of mind through an extra layer of protection – regardless of the cloud storage provider’s existing security measures. Since only companies themselves hold the key to decrypt their data, it is impossible for unauthorized persons to gain access to encrypted sensitive files. Potential attackers would not be able to access any information in plain text.
The cryptographic algorithms behind encryption solutions can include symmetric algorithms like the Advanced Encryption Standard (AES) and asymmetric encryption algorithms, such as RSA. If someone tried to crack, for example, state-of-the-art AES 256-bit symmetric keys through brute force, it would take the individual longer than the presumed age of the universe. (Source: ScramBox)
While strong data protection is a key factor for a suitable encryption solution, it is also important to ensure easy and secure collaboration amongst employees of a company. Files will be stored and processed with the highest security standards, while not affecting the current workflow. Nevertheless, encryption solutions differ from each other and do not offer the same standards. It is strongly recommended to choose a solution with end-to-end encryption and a zero-knowledge standard, so that nobody but yourself has access to your sensitive files.
“End-to-end encryption means that files are encrypted on the user’s device before they are sent to the cloud provider as well as any other place you want to store them, e.g. USB, file server, NAS. Zero knowledge means that only the user knows the password, only he has the key to decrypt the data.” Robert Freudenreich, CTO, Secomba GmbH | Boxcryptor.
End-to-end encryption of files before they are synchronised to cloud storages
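The end-to-end, zero-knowledge model described above, shown as an added example that is not Boxcryptor's code or design: a file is encrypted on the device with a key derived from the user's password, and the storage provider only ever receives the resulting envelope. The choice of scrypt and AES-256-GCM, the function names, and the sample data are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Derive a 256-bit key from the user's password. Only the salt is stored
// with the file; the password and the key never leave the device.
function deriveKey(password, salt) {
  const params = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
  return crypto.scryptSync(password, salt, 32, params);
}

// Encrypt on the client. The returned envelope is all the provider sees.
function encryptForUpload(plaintext, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // must be unique per encryption for GCM
  const key = deriveKey(password, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Decrypt after download. Returns null if the password is wrong or the
// stored envelope was modified: GCM authentication fails in both cases.
function decryptAfterDownload(envelope, password) {
  const key = deriveKey(password, envelope.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  try {
    return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Constructed sample file and password for the demonstration.
function demo() {
  const password = 'correct horse battery staple';
  const file = Buffer.from('customer list: constructed sample record');
  const stored = encryptForUpload(file, password);
  const tampered = { ...stored, ciphertext: Buffer.from(stored.ciphertext) };
  tampered.ciphertext[0] ^= 0x01; // single bit changed while in storage
  return {
    providerSeesPlaintext: stored.ciphertext.includes(file.subarray(0, 8)),
    ownerCanRead: decryptAfterDownload(stored, password).equals(file),
    wrongPassword: decryptAfterDownload(stored, 'guess'),
    modifiedInStorage: decryptAfterDownload(tampered, password),
  };
}

console.log(demo());
```

Because the key exists only where the password is entered, a lost password means the data cannot be recovered by the provider either, which is the operational cost of the zero-knowledge property.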
With the help of encryption, companies automatically ensure compliance with many legal and industry restrictions. Furthermore, encryption is a technical and organizational measure to protect sensitive business data according to Article 32 of the GDPR.
“Taking into account the state-of-the art, the costs of implementation, and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) pseudonymisation and encryption of personal data”
If your company should fall victim to a data breach, it will not be regarded as a data breach incident if the use of encryption can be proven. Even if attackers were able to steal data, they would have no way of viewing the sensitive information in an encrypted state. Without authorized access, an attacker is left with nothing but encrypted data.
Apart from high protection standards, it is also important to choose an encryption solution that is easy to use and does not negatively affect current workflows within the company. This ensures higher acceptance among employees, who will then actively use encryption to keep data within the company secure.
Checklist: Enterprise Encryption Software
With the various existing encryption solutions on the market, it can be a challenge to find the suitable one for your company. The problem does not lie in finding an encryption solution, but rather finding the right one for your needs.
What features should the encryption solution have? Which are unnecessary or important? What does a file encryption software need to do? What kind of support and languages does my company require?
We at Boxcryptor have created a Checklist on Enterprise Encryption Software, so that companies can find out what exactly they require and compare various solutions with one another.
The Checklist Covers Questions on the Following Topics:
- Key Management System
- User Authentication and Advanced Security Factors
- Enterprise Features
- Flexibility and Scalability
Use this checklist to become aware of your requirements and to compare different solutions in detail.
Whatever encryption solution you decide to implement in your company, thanks to our checklist you should be able to get a good overview and find a fitting tool according to your needs. We at Boxcryptor care about the security and protection of your sensitive data.
A snippet of the Enterprise Encryption Checklist to find the right encryption solution for your company