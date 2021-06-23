McDonalds, Volkswagen and Audi have all recently disclosed that confidential personal information belonging to their customers has been compromised. This is further proof – should we need it – that no organization is immune to a data breach, and that even the world’s biggest security budgets and teams struggle to prevent data being lost, leaked or stolen. Company-wide encryption of data is being increasingly recognized as a straightforward way of mitigating this risk – locking information down so that whatever happens around it, it remains unintelligible to anyone not authorized to access it. This has been underlined by US President Biden’s recent Executive Order on Improving the Nation’s Cybersecurity, which stipulates the requirement to encrypt data both at rest and in transit. The good news is that the deployment of encryption is increasing, particularly on portable devices, as highlighted by Apricorn’s annual survey. A third (31%) of IT leaders who responded said their organization now requires all data to be encrypted as standard, while 32% say there has been a rise in encryption across all mobile and removeable devices in the past year. A quarter (24%) of organizations have a policy to encrypt all data when it’s being stored on their systems or in the cloud. The findings also illustrate how a lack of encryption can make an organization vulnerable: 12% of the IT leaders surveyed said that this had been the cause of a data breach within their business in the last year.

Protection and Control of Removable Media Use of encryption is particularly advanced when it comes to external hard drives and USBs, with 77% of IT leaders confirming that their organization requires encryption of all data held on such devices. Many of these have policies in place that enable them to control which removable media devices are plugged into their networks and systems, with more than half (51%) limiting their employees to using devices that have been approved by the organization. A third (33%) insist on hardware-encrypted devices as this provides better protection than software encryption, as the keys are held safely in a crypto module that stops brute force attacks and unauthorized access. Better still, if the device has its own PIN pad for authentication, all authorization and cryptographic operations take place within the device itself, meaning it never shares critical security parameters with a host computer. Plans for Expansion The increase in the use of encryption looks set to continue. When questioned on how they plan to extend encryption across their organization, the IT decision makers surveyed by Apricorn said they intend to expand usage on USB sticks (19%), laptops (16%), desktops (12%), mobiles (22%) and portable hard drives (18%). The plans for increased encryption are hugely positive, but requirements will need to be firmly embedded in remote and hybrid working policies if they are to be effective. Many employees will be combining home and office working for at least the next few months – perhaps permanently. The threat surface will expand as staff access networks, systems and databases from diverse locations, using both business and personal devices. Devices are likely to be a particular point of vulnerability in this highly mobile, complex working environment, giving attackers a convenient potential entry point for gaining access to corporate data and networks.

