Encryption can be the answer to many data security issues faced by small and medium businesses. Not only can it protect sensitive information from unauthorized use and minimize the risks arising from data breaches, implementing this technology can also represent another step towards compliance with legislation, especially with respect to the General Data Protection Regulation (GDPR).
But in cybersecurity, there is no silver bullet – meaning that no single product or service can handle all the potential threats out there. This applies to encryption also, as even this technology – despite its many advantages – still has limitations that you need to take into consideration. So before opting for a specific product, be sure you know the one that best fits your needs.
Focus on ease of use
According to a recent study on data breaches carried out by the Ponemon Institute, human error is second only to malicious actors when it comes to the most commonly cited root cause of data leaks. However, these can be avoided by deploying a solution that is easy to use.
“THERE WILL ALWAYS BE THE NEED FOR SOME ENCRYPTION TO BE CARRIED OUT BY THE USER, BASED ON POLICY AND TRAINING.”
There will always be the need for some encryption to be carried out by the user, based on policy and training. If these actions require expert knowledge and the product is not user-friendly, employees might try to find the easy way out and company rules could be broken. With a simple, user-friendly solution, this can be avoided.
Require a solution with easy management
A recent IDC survey on ESET’s behalf has also shown that ease of management and ability to recover a lost access key are among the most important criteria when a business is in the process of choosing an encryption solution.
To avoid cases where employees are unable to decrypt their data because they have forgotten their keys, search for solutions that use a system of shared encryption keys, managed by on-site system administrators.
This is similar to the use of actual keys, something we all understand before starting elementary school. On top of that, it also makes sharing encrypted data within a predefined group quick, easy and in many cases, transparent for the user.
Ask for adaptability, scalability and flexibility
The solution you choose should be scalable and flexible, so that you can easily add advanced features if necessary, enabling you to vary enforced policies and keys remotely — helping you to keep a strong default configuration.
Select a product that doesn’t require reinstallation for upgrades or renewals. In addition, don’t forget that if an encryption solution is available as a perpetual license, including annual maintenance and support, or as a subscription license, it can enable you to manage costs and improve your financial flexibility.
Choose whom to trust
Select a solution that employs industry-standard encryption algorithms that you can trust, and a sophisticated key-sharing system for secure data exchange among all users.
Check if the encryption solution you are considering meets the rigorous FIPS-140-2 standard in the US and is validated by the National Institute of Standards and Technology (NIST). Also verify if it has been certified by key players on the market (i.e. OPSWAT) and has performed well in independent tests.
There is no such thing as a bad question when it comes to data protection
Set your data protection strategy carefully and choose the encryption solution that helps you fulfill it in a way that suits you best. To make the right decision, don’t shy away from any questions you might have about usability and features of the product, even if they sound obvious to you. You might be surprised how many encryption solutions on the market don’t cover the basics.
If you want to know which questions you should ask and what answers to seek, we will help you in our next blogpost, so stay tuned and read more on WeLiveSecurity.com.
written by Ondrej Kubovic, ESET We Live Security