Encryption, Compliance, and the Survival of Your Business

 

Your business deals with hundreds, maybe even thousands, of pieces of data on a regular basis. From sticky notes to emails to databases, you have a lot of important information that drives your business forward.

Now imagine you have a sticky note with the username and password for a bank login, a photocopy of a driver’s license, or a digitally deposited check. Ideally, you would place them in a locked file cabinet or shred them.

Why would you do anything different with your business’s digital data? Encryption is a locked cabinet with only one key, and only you have it. Simply deleting data will not ensure that it does not fall into the wrong hands. Between the threat of fines for non-compliance, business downtime due to data loss, or liability lawsuits due to mishandling of client information…data security matters.

If you are not a banking institution or a doctor’s office, you may not be held to strict data security standards such as HIPAA and PCI DSS, but that does not mean you can afford to play fast and loose with your business data.

Here are some common data security pitfalls that lead to mishaps. Depending on how well developed your IT infrastructure is, you may already be meeting most of these…or perhaps none of them.

  • Stored Data – All Encrypted and Multiple Backups
    • Encrypt all data by installing professional versions of Windows on all workstations and servers and enabling BitLocker. Make sure never to lose your decryption key!
    • All users who can access data should have to use a complex password that also changes periodically. Access logs should always be in place to keep track of who is accessing what information and when.
    • Have an onsite data redundancy solution, such as a RAID configuration within your server or a commercial-level backup device such as Datto.
    • Encrypted cloud storage is also critical to be prepared for disasters and will allow your business to recover from sudden total infrastructure failures or catastrophic events.
  • Data in Motion – Firewall, Firewall, Firewall
    • All data sent out and received should also be encrypted. This can be achieved through professional email solutions such as Microsoft Exchange.
    • VPNs and remote access activities must also be encrypted and logged.
    • Policies should be in place so that everyone in your business understands that passwords should not be shared nor should sensitive data ever be sent via email attachments. It should also be constantly reinforced to everyone not to open suspicious attachments or visit unknown websites.
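
One way to check the BitLocker item in the list above on a workstation or server, as an added example that is not Occubit's own tooling: the PowerShell function below uses the built-in Get-BitLockerVolume cmdlet (run it from an elevated session) and flags volumes that are not fully encrypted, have protection off, or have no recovery password protector. The function name Get-BitLockerAudit and the output column names are hypothetical.

```powershell
# Added example: audit BitLocker state on the local machine.
# Assumes an elevated PowerShell session on a Windows edition that ships
# the BitLocker module. Get-BitLockerAudit is a hypothetical name.
function Get-BitLockerAudit {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Key protector types on this volume, e.g. Tpm, RecoveryPassword.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        $issues = @()
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $issues += "status $($vol.VolumeStatus), $($vol.EncryptionPercentage)% encrypted"
        }
        if ($vol.ProtectionStatus -ne 'On') {
            # Also reported when protection has been suspended.
            $issues += 'protection is off or suspended'
        }
        if ($types -notcontains 'RecoveryPassword') {
            # Without a recovery password there is no fallback if the
            # TPM or the normal unlock method fails.
            $issues += 'no recovery password protector'
        }

        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            MountPoint = $vol.MountPoint
            Protectors = ($types -join ', ')
            Compliant  = ($issues.Count -eq 0)
            Issues     = ($issues -join '; ')
        }
    }
}

# Show every volume, problem volumes first.
Get-BitLockerAudit | Sort-Object Compliant | Format-Table -AutoSize -Wrap
```

The script only reports that a recovery password protector exists; confirming that the recovery key itself is stored somewhere safe and retrievable is still a manual check.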

Your business cannot afford the ‘shoulda, coulda, woulda’ mentality when it comes to digital information, the lifeblood of most modern businesses. This is where Occubit can help. We can improve your current infrastructure and security policies or create one from the ground up.

Christina Grady is the founder and owner of Occubit Technology Solutions. She has been fascinated by the role technology plays in everyday life since she was a child taking apart VCRs and remote control cars. Her passion for helping others creates a perfect bond with her IT background.
