Keeping business data safe with encryption
Your business will collect and generate data and it is important to keep it safe. Using encryption is key to keeping this data secure.
Your organization may use a website to collect data from customers, or you may store important data in databases. Configuring encryption for data as it is collected and when it is stored is important for keeping it safe. Your organization may use a website to collect data from customers, or you may store important data in databases. Configuring encryption for data as it is collected and when it is stored is important for keeping it safe.
Encryption for your business is used in 2 different ways and uses two different types of encryption. Regardless of the different types of encryption used the goal is the same: to turn human readable data into a secret code to keep it safe.
Data collection
Encrypting data when you collect it is also called encryption “in transit”. The most common need for encryption in transit is when you collect data from your customers through your website. You will need to configure a certificate and key (also called asymmetric keys) so that your website uses HTTPS.
Data storage
Encrypting stored data is also called encryption “at rest”. You need to consider encryption for every place that you store data that is important and sensitive to your business. This includes any customer, third party, intellectual property, internal, and backup data your organization might have. Common places to configure encryption at rest is on your devices, servers, and databases.
Benefits of encryption
There are several benefits to using encryption on the data you collect and store.
Builds trust
Encrypting data at rest and in transit is a great way to build trust with the people you collect and store data for.
Data and privacy breaches are on the rise, and customers are starting to set higher expectations for the companies they share data with. Customers might check your security or privacy policy to see how you might protect their data. Mentioning your use of encryption in your external security policy and using HTTPS for your websites is a great way to demonstrate this control to your customers and build trust.
Creating a cyber security policy
Protects data
Using encryption protects the data you collect and store so that only your organization has access to it. If your employee lost their device, or the hard-drive you use for backups was stolen, then you could rest easier knowing that the data couldn’t get accessed without your encryption key. Incidents happen, and using encryption can reduce the impact of these type of events.
Low cost and high value
Most devices have features that allow you to easily configure encryption and set your own key. HTTPS certificates can also be generated for free using services like Let’s Encrypt. The value you get in return is the comfort knowing you are doing the right thing for the data owners, and that if the data was lost or stolen then it would not be human readable.
Getting started
In order to get started, you will need to identify the different ways that you collect or store data. These are all the places where you will need to configure encryption. This list is likely to include your:
- website
- employees’ laptops and mobile phones
- office file servers
- organization’s servers and databases.
For adding encryption to your website, you will need to generate a digital certificate and key. Details on how to do that can be found on our HTTPS guide.
For configuring encryption to your devices, servers, and databases, it will depend on the technology you use. Technology vendors often have help guides to explain how to configure, or you can ask for help from your technical support staff.