02-04-16 | Blog Post
Encryption has been widely talked about as one of the best tools to protect you against potential attacks on your data. For many companies processing credit card payments, encrypting data is required for compliance with standards such as PCI DSS and individual state laws. But if you’re in the healthcare industry, it’s even more important because it’s not required for HIPAA compliance.
What is encryption? It takes your data and codes it using a series of mathematical formulas to render it unreadable without a special key to unlock it. There are many different levels of encryption, but the one recommended by the National Institute of Standards and Technology is 256-bit AES, the same standard used by the federal government to encrypt classified documents.
While other industries might have been quick to catch on to encryption, healthcare has not. Several hospitals have reported breaches of sensitive data due to unencrypted files being stolen.
What happens if you decide not to encrypt your data? You’re leaving your business open to an enormous amount of risk. When you don’t have to use something, chances are you probably won’t. But when it comes to sensitive information, not using all the tools possible to protect it can allow people to take advantage of you. Of course, not everything has to be encrypted. But it’s a great idea to decide which specific records or programs need to be encrypted, and plan accordingly.
To get you started, here are four benefits of encrypting your data:
An important caveat: It’s not just encryption you should invest in, but strong encryption. When encrypted data is breached, part of the reason attackers gain access to sensitive information, like they did with Ashley Madison and VTech, is weak encryption technologies. When you decide what data is worth protecting, make sure it’s protected well.
Encryption is one of many tools in the layered approach to security that is practically required to mitigate the risk of unauthorized access, but it is not a catch-all. Take a proactive stance against potential incidents by using other measures, such as web application firewalls and two-factor authentication, along with encrypting your sensitive data, so that you are protected if it should fall into the wrong hands.