Your data is increasingly taken beyond the relative safety of your corporate firewall.
As employees work when and where it suits them, sensitive information often winds up – temporarily or not - on mobile devices and other data carriers. However, by encrypting your data carriers it is simple to limit the substantial potential risks involved. The risks to your business have become even greater with the European Union’s General Data Protection Regulation (EU GDPR) taking effect in 2018, meaning stricter guidelines and sterner punishments.
One repeat offender of EU and UK data protection regulations and laws has been the government of the United Kingdom, who have been repeatedly exposed as having lost sensitive files containing government and civic information. In one of the highest profile scandals the Ministry of Defence admitted to having lost over 100 USB sticks containing information labelled ‘restricted’ or ‘secret’ in less than four years, a security breach labelled as ‘shocking incompetence’ by the Liberal Democrats. Another such example was the loss of a USB stick by a Barclays Bank employee in 2015 containing the personal details of 13,000 of its customers.
There are myriad other examples of incidents concerning data leaks caused by loss of mobile devices. Misplacement of these devices cannot be effectively prevented as there will always be human error. As a result, organisations can suffer huge consequences. Customers are directly affected, and the organisation has to compensate for damages. Reports such as the ones mentioned above are also pure PR disasters. Reputations are damaged and customer confidence is lost. This can be fatal.
Next to the loss of business critical information, the personal suffering, reputation damage and other troubles it causes, there is another very important reason to take data leakage prevention seriously. As the EU GDPR makes perfectly clear, the EU places high priority on privacy and protection of its citizens. Research shows the current average loss caused by a data leak at a large EU based company stands at over three million pounds. From 2018 on organisations can face increasingly stiff financial sanctions for negligence: up to 20 million euros or 4 percent of annual revenue. This sum adds to any costs incurred due to damages and loss of reputation. Data leaks can therefore mean the end of your organisation. There is also a need for urgency, as the regulation will be in full force from 25 May 2018.
Encryption plays an important role in the protection against data leakage. Data encryption –within and outside the premises of the company firewall- can prevent disasters. The incident at Barclays could have been avoided if the USB drive automatically encrypted all data stored on it and protected it with a password. Even when the stick gets lost, the data on it cannot become public as any finders cannot access its contents. A high security USB stick would employ military grade encryption, which in practice is impossible to crack as it would take several human lifetimes to do so.
It is important to note that the GDPR considers the leakage of encrypted files a security breach rather than a data breach. These usually don’t need to be reported, which means you don’t risk being fined.
The encryption itself does not have to be complicated. An encrypted USB drive automatically carries out the encryption in the background. The security only confronts users when they insert it into a laptop or desktop with a password prompt. They don’t need any technical knowledge, which makes such solutions very easy to implement and use. This is vital, as procedures that are needlessly complex eat away at the support for the measures within the organisation, increasing the risk of laxness among employees.
At Kingston Technology, we offer an affordable business-grade encrypted (DTVP 3.0), high-security (DT4000 G2) as well as keypad USB-drives (DT2000), to help make sure organisations comply with the EU GDPR and their data gets the security it deserves. In addition, Kingston uses the IronKey product line to deliver FIPS 140-2 Level 3 certification solutions for customers who need the highest level of encryption and security.
Furthermore, Kingston’s close software partner DataLocker® Inc. will continue to manage the SafeConsole® and Enterprise Management Services (EMS) platforms that both Kingston and IronKey managed encrypted drives utilise. Thus IT administrators can centrally manage encrypted USB drives to meet compliance requirements and provide a higher level of support. Features include setting passwords remotely, configuring password and device policies, activating audit for compliance and more.
Although the development is unfamiliar territory for many businesses, we are confident that we can assist any business in meeting its requirements and thereby ensuring them a smooth transition and allowing them to do what they do best.
There is no doubt protection against data leaks is only a question of employing the right technology. Every security strategy needs to include employee awareness. Not only do they need to be aware of the risks associated with data leaks, but they also need to be informed of the new laws and regulations on this topic. A clear, well-documented data policy is also crucial. The company needs to map out which users have access to what data, and users need to be informed of internal data policy. Encryption technology is wonderful, but useless if users don’t know the rules.
By implementing the GDPR, the EU has taken a much needed step toward effective privacy protection. However, it is also a step that will put many organisations up to the task. Let’s make an end to the embarrassing stories in the media together by making a good habit of using data encryption.