We use cookies to improve your experience and optimize user-friendliness. Read our privacy policy for more information on the cookies we use and how to delete or block them. To continue browsing our site, please click accept.
VIEWpoint Issue 1 | 2023
2023 Compliance Trends: Staying Ahead in an Evolving Regulatory E...
2023 Tax Calendar
By Madhu Maganti, CPA, CISA – Director of IT Assurance and Security, Doeren Mayhew
The need for encryption is at an all-time high with an increasing number of organizations and consumers falling victim to a whole host of cybercrimes. Cybercriminals never rest, which means organizations need to be vigilant as well as ensure tough security measures are implemented. According to industry experts, the biggest challenges in planning and executing data encryption technology include discovering where sensitive data resides in the organization, initially deploying the encryption technology and classifying which data to encrypt.
You will find encryption in most things that run using an internet connection, from messaging and personal banking apps, to websites and online payment methods.
And for consumers, making sure your data cannot be stolen or used for ransom has never been more important.
Encryption prevents unauthorized access to your data, from emails to chat messages and bank details, by keeping communication secure between the parties involved.
This is done by ‘scrambling’ the information sent from one person to another into a lengthy code making it unreadable for anybody else attempting to access it.
Once the data is encrypted, the sender and receiver are the only people who can decrypt the scrambled information back to a readable condition. This is achieved via ‘keys’, which grant only the users involved access to modify the data to make it unreadable and then readable again.
More simply explained, imagine encryption to be like translating your information into a language only you and your recipient know, and more importantly which a cybercriminal can’t translate.
The purpose of file and disk encryption is to protect data stored on a computer or network storage system. All organizations, including small- and mid-sized businesses (SMBs), that collect personally identifiable information (PII) like names, birth dates, Social Security numbers and financial information must secure that information. Ensuring this information is secure by your organization is critical as you can be legally held responsible if a computer containing PII is comprised.
According to a recent study held by the Ponemon Institute, the most significant threats to the exposure of sensitive or confidential includes:
If a laptop is lost or stolen and the files or disk are not encrypted, a thief can easily steal the information, so it’s a good practice to encrypt your sensitive data, if not your entire hard drive. The thief doesn’t even need to know the sign-on password to access the files – it’s easy to boot a computer from a USB thumb drive and then access the disk within the computer.
Disk encryption doesn’t protect a computer entirely. A hacker can still access the computer over an insecure network connection, or a user can click a malicious link in an email and infect the computer with malware that steals usernames and passwords. Those types of attacks require additional security controls, like anti-malware software, firewalls and awareness training. However, encrypting a computer’s files or the entire disk greatly reduces the risk of data theft.
In the online world, encryption disguises data by rearranging the data bits so information can’t be read or seen without the secret key. This key can consist of a password or a digital file, also known as a keyfile. Encryption secures plain text as well as any other digital media like photos, videos or software, and you can also encrypt a whole operating system and a partition.
To secure data, encryption uses mathematic functions known as cryptography algorithms, also known as ciphers. Some examples of well-known and trusted cryptography algorithms are AES, Blowfish, Twofish and Serpent, and these ciphers can be subcategorized with a number indicating its strength in bits.
An encryption algorithm key length indicates its size measured in bits. The length indicating the algorithm strength in bits will always be even (bit is a binary unit composed of zeros and ones), and these keys are used to control the operation of a cipher.
The more mathematical strength the encryption algorithm has, the more difficult it will be to crack it without access to the key, but a strong cipher normally requires more computational power. A few seconds of waiting might not matter much to the home user, but for businesses dealing with thousands of calculations each hour to decrypt/encrypt data in their servers, it means that more money has to be spent in hardware and electricity.
A few advantages of encryption include:
Our dedicated professionals within Doeren Mayhew’s IT Assurance and Cybersecurity Group work with several SMBs to identify potential security threats through appropriate testing and implement recommendations minimize their cyber risk. For assistance with navigating today’s cybersecurity threats and exploring options to protect your security posture, contact our leading cybersecurity advisors today.
This publication is distributed for informational purposes only, with the understanding that Doeren Mayhew is not rendering legal, accounting, or other professional opinions on specific facts for matters, and, accordingly, assumes no liability whatsoever in connection with its use. Should the reader have any questions regarding any of the news articles, it is recommended that a Doeren Mayhew representative be contacted.
A quick registration is required to view our resources.
You will only be asked to do this one time (unless you don't save your browser cookies).