Essential encryption for your SMB?
Created: 2018-11-14 10:13:41
A must-consider checklist
The Small and Medium Business segment is huge and, under GDPR, shows a wide spectrum of both cybersecurity maturity and data governance approaches. The regulation, in effect since May 2018, makes it the legal responsibility of business owners/operators to secure customer and employee personal data. The requirement, with its suggestion to encrypt, anonymize or destroy data (after business use), along with an ever-growing number of data breaches, is driving small and medium businesses to implement data protection technologies.
Data breaches, and the ensuing reputational damages SMBs suffer as a result, pushed the sector to start adopting encryption even prior to GDPR. However, in the rush to secure business data, proper vetting of products and best practice in implementing solutions has often been lacking. With limited time for market research, and the reality of finding a market flooded by a vast selection of products, it remains challenging for owners and decision-makers to find the right fit for their needs.
Many companies have tried and failed to successfully deploy an encryption product. If you are facing this decision, either for the first time, or during a second round because of the failed adoption of an already-selected solution, read further to avoid pitfalls. Start by asking the following.
Which devices present a greater risk: On-site or off-site?
Let’s look at laptops since they can be considered the core physical infrastructure at most SMBs. The following might seem an obvious point but be aware that systems are more liable to theft when away from the office. Keeping this in mind is the right way to start researching and to settle on a solution. Be sure to test the solution’s effectiveness in managing problem scenarios for your remote users. If you are satisfied with its performance when leveraged by remote users, then you’ve at least created a shortlist.
Full remote control of off-site endpoint encryption: Does the encryption system suit the needs of your IT department?
Major endpoint encryption products offer the ability to remotely manage systems. But you need to look closely at the requirements. Most products need either an open incoming connection to a demilitarized zone (DMZ) on your server, or a VPN connection. All require a higher level of IT skills that can raise costs and, in order to function, may require the user to initiate a connection. None of the above is much use with a rogue employee or stolen laptop.
A well-designed product will give you the remote management you need without creating additional security problems that require specialist knowledge, and without adding expense through the need for more advanced admin skills.
Why is design important?
Design and function are interlinked. The ability to rapidly alter security policy, encryption keys, features and the operation of endpoint encryption remotely means that your default policy can be both strong and tight. Exceptions can be employed only when and where needed and rolled back just as easily. If you can’t do this you’ll be forced to leave ‘a key under the doormat’, just in case. This would be like tearing holes in your security policy before deployment is complete.
What about remote locking and wiping of keys from laptops?
This issue could become crucial if a company laptop with full-disk encryption gets stolen while in sleep mode or with the operating system booted up. It’s even worse if those systems come with the pre-boot password affixed on a label or tucked in the laptop bag. If a remote lock or wipe function isn’t available, then the system is either left unprotected or secured only by the OS password. In either case this leaves the encryption bypassed.
Also, it is important to know whether the solution has been designed to accommodate the typical use cases that would otherwise unravel a well-designed security policy.
Removable media: Can the solution secure them without whitelisting every item?
The diversity of writeable devices in use for everyday work makes it almost impossible for admins to whitelist them all, or decide whether it’s permissible to read from, write to, or not access the device at all.
It is much easier to set a file-level policy – distinguishing between files that need encryption and those that don’t – and have the selected files protected every time they move from a workstation or corporate network to any portable device.
So, if you connect a personal USB stick, the solution won’t force you to encrypt your private data. On the other hand, anything coming from the company system will be encrypted without the keys being held on your device. It is a simple idea, but one which makes any device safe without the need for whitelisting.
Ultimately, it is flexibility and ease of use that ensure successful deployment of this technology.
So, you need to define whether the solution you want to use is actually easy to deploy. If setup takes hours or days and needs additional tools for its operation, it will simply lead to headaches for system admins, creating new security risks. Target an easy-to-deploy solution that doesn’t require advanced IT expertise and preserves both finances and your human resources capacity. If a positive user experience follows that easy deployment, then IT staff won’t be further taxed by user lockouts, lost data and other frustrations.
Validated, commercial encryption products have been proven strong enough for some time. However, a significant number of the recorded data breaches involving lost or stolen laptops and USB drives occurred within organizations which had bought and deployed encryption products.
Notes archived from these incidents reveal that the key challenges are fitting the solution to your environment and working practices, and ease of use for everyday users.