
Mark Hickman, WinMagic: sensitive data should always be encrypted at the end point in the organisation.

Brian Chappell, BeyondTrust: wherever possible, move data into more structured repositories.

will be moderated where the company has been responsible and mitigated any damage suffered by data subjects." Worryingly, a recent survey by Apricorn found that 24% of surveyed companies are not even aware of the GDPR and its implications, he adds. "On top of this, 17% are aware of the regulations, but don't have a plan for ensuring compliance. Organisations should analyse their data, identify everything that should be protected, understand where it exists and how it is transported, and ensure that it is encrypted at all stages of its lifecycle."

GAPING HOLES

With high-profile malware breaches continuing to make headlines, organisations are acutely aware of the dangers of leaving themselves vulnerable to attack. Against that backdrop, encryption technology can and should play a pivotal role in any organisation's IT security strategy, points out Ed Kidson, product manager at Wick Hill (part of the Nuvias Group).

"However, a problem exists when companies believe they are shielded from attack by encryption software, but without realising it are susceptible to attack. Encryption isn't a new thing, which is part of the difficulty. It's likely that different, disparate encryption policies may have been implemented over several years with numerous vendors, leaving organisations clueless as to which of their data is encrypted, and which isn't - creating gaping holes in their defences in 2017."

So how do you stay one step ahead of the attackers, when it comes to employing the latest encryption technology? "It usually isn't practically or financially viable to encrypt everything, so the first step is to conduct an audit of your data and decide what is sensitive," he says.
"Look at where you need encryption - on endpoints such as mobile phones, laptops or tablets; or for data that's stored on servers or in datacentres. Regardless of which solution you choose thereafter, it is just as important to keep your encryption key secured and managed properly. Some companies will encrypt their database, for example, but their encryption key might be sat on the same server as the database - it is comparable to locking your car and leaving your keys on the bonnet!"

Best practice involves implementing a key management policy, putting the keys into a Hardware Security Module (HSM) and recycling the key regularly. If all these safeguards are in place and you are breached, the chances of your data leaking are vastly reduced. "Most hackers will discover encrypted files and move on - they tend to go for the 'open window' approach to theft," adds Kidson. "As such, encryption should form part of a traditional layered security approach, alongside endpoint and gateway defences."

With ransomware attacks on the rise and forthcoming regulations like GDPR meaning any data breach is financially ruinous for a business, it has never been more important to make sure you have a watertight encryption policy in place, he concludes.

TOP PROTECTION

"If you're a system administrator, make sure you're using the best tools to protect your system, including the latest patches and fixes given by your service providers," comments Jacob Ginsberg, senior director of products for email encryption software company Echoworx. "Always make sure your systems are up to date and run scans, monitor your network and follow your best practices."

Best practices include following compliance rules, knowing how to properly dispose of and store data, determining who can have access to the network and learning how to detect breaches.
Ginsberg advises consulting with vendors, to be aware of the latest advances in encryption software, keeping updated about networking and security, and reading the news to learn about what new areas hackers are targeting.

16 computing security May/June 2017 @CSMagAndAwards www.computingsecurity.co.uk
