Corporate data encryption: instructions
01 10 2018
Faced with the risk of data theft or leaks, one simple and effective way to protect your business is encryption. The technique nevertheless requires following a few simple rules.
All companies either have sensitive data or process data of a personal nature. However, leaks and cyberattacks are occurring more and more often, causing increasingly costly data losses. In 2017, the financial cost for French companies increased by 50% in one year, reaching an average amount of 2.25 million euros (PwC's "The Global State of Information Security Survey 2018").
Against this threat, data encryption is an essential protection tool. This technique transforms a "classic" message into an "encrypted" one that is incomprehensible to a third party, and thus guarantees its confidentiality. In practice, the method is very simple to use thanks to an encryption key.
1- Analysing needs
Identifying the real needs of a business is the first step. Some departments (executive committee, R&D, accounting, etc.) are more concerned than others by the protection of sensitive data. "First of all, we need to talk to the company about its business, its value-added, its expertise etc., in order to target what really needs to be protected," says Jocelyn Krystlik, Product Marketing Manager at Stormshield.
2- Combining simplicity and efficiency
The encryption solution adopted must be simple to use and designed according to the user experience. Technology should not be a burden on business processes. "It is important to remember that users see encryption as a constraint at first," says Krystlik, who also emphasises the need to "guarantee the reversibility and the recovery of data, in other words the effectiveness of the encryption solution".
3- Training and raising awareness
A new solution and procedure is only worthwhile if it is understood, adopted and mastered. It is therefore vital to inform and train users on the sensitive nature of data and its encryption. "Unless they've had prior training, an average user usually has no knowledge of encryption," says Krystlik, who advises using e-learning modules, among other awareness tools, that are particularly suitable for business.
4- Managing meticulously
Adopting a data encryption solution requires asking some basic questions, namely: who has the encryption key? Who will conduct data recovery? Who will manage the help desk (account unlocking)? The priority must be to limit access to the people concerned and to know who has been entrusted with these encryption keys.
5- Considering external factors too
Encrypting data should not hinder communication with partners (suppliers, customers, etc.). It is therefore necessary to take into account their own needs and uses, even if it means using less robust systems. "There are free encryption solutions that use a password," says Krystlik, who also talks about "free cloud infrastructure solutions for occasional exchanges with a customer or supplier". Once again, training is essential, especially to make partners understand that encryption is also in their interest.