07-22-13 | Blog Post
The State of California released a report on 2012 data breaches that found 1.4 million residents would have had their information protected if companies had encrypted data in transit when sent from their company’s network.
The report showed 131 data breaches affected 2.5 million Californians, as well as listing recommendations of how to avoid loss or theft of data. Among their recommendations were employing data encryption; reviewing and tightening security controls on personal information; training employees and contractors; revising breach notices for easier reading; and possible expansion of the law to require notification of breaches that involve passwords.
While 55 percent of the data breaches were a result of external threats, 45 percent were found to be preventable and due to the failure to adopt or carry out appropriate security measures within their organization.
What is encryption? Encryption takes plaintext (your data) and encodes it into unreadable, scrambled text using algorithms that render it unreadable unless a cryptographic key is used to convert it.
Why is encryption so important for data security? Even if an intruder could gain access to your network or even mobile device containing sensitive data, the data would be unreadable unless they also had access to the encryption key that unscrambles the data.
Many large companies are looking to cloud computing/virtualization for data and application hosting due to its resource-efficient and scalable nature, yet may be unsure about its ability to keep sensitive data secure.
When seeking a cloud solution, ask your cloud service provider about their infrastructure and their security services – do they include encryption everywhere? And do they provide certain technical services for additional layers of security (like two-factor authentication, web application firewalls, daily log monitoring and review, etc.)? Implementing these services and knowing your cloud is encrypted could help reduce the number of data breaches that are avoidable with preventable measures.
The report also revealed that the retail industry suffered from the most data breaches in California, in 2012 at 34 percent, while the finance and insurance industry were at 30 percent. Retailers must meet PCI DSS compliance, the industry standard for data security, and encryption is one of the requirements.
Or watch our past encryption webinars:
Encryption – Perspective on Privacy, Security & Compliance
Chris Heuman, Practice Leader for RISC Management and Consulting, provides an informative webinar on the value of encryption for HIPAA, PCI and many other regulatory frameworks and the successful components of a data security program that integrates encryption.
Encryption at the Software Level: Linux and Windows
An informative/technical webinar on encryption at the software level in which Mark Stanislav, Security Evangelist at Duo Security discusses encryption for Linux, and Farooq Ahmed, Software Development Manager of Online Tech discusses encryption for Windows.