Protecting Data

It’s no question that the lost of data can be just as costly for a company as losing merchandise. I’m not even talking about the damage that hackers cause. I’ll bypass that for the moment. I’m talking about carelessness: company employees doing a poor job of securing laptops and removable drives, thus allowing them to become lost or stolen. Lost Flash Drive At Core Of Kaiser Permanente Data Breach, or this report –  Humana customers at risk, data breach of Unencrypted USB drive, or this report – Laptop and USB theft leading cause of data breaches, or this report –Laptop and flash drive stolen from doctor’s car, or this report – NASA breach update: Stolen laptop had data on 10,000 users. There are many other examples I could cite. The scariest part is, many of the examples of lost data are mid-sized to small organizations, organizations less likely to help fix it when something happens. When Target or Home Depot face a breach, they can better assist customers with paying the costs of credit repair or credit monitoring. These small companies may not be quite able to help their customers. So, why then, can’t they do a better job of protecting this data? Why oh why? Now, back to the hacking. Can hacking be prevented? The short answer is, it usually can be prevented in most cases. Security departments won’t say this too loudly, but the issue boils down to cost. Before I go on, let’s talk a bit about encryption and what it is. It alters the data so that only authorized persons can receive it. So, if it falls in the wrong hands, you won’t have to worry about them reading it. Bear in mind that there are levels of encryption, and some are better than others. If you have ever seen or tried to solve those encryption puzzles in the comics on Sunday, you’ve had your introduction into encryption. If you don’t know what I mean, look for it, or just do a search for encryption puzzles. Those puzzles are an elementary example of encryption, and if companies used that level of encryption to secure their data, they may as well not even bother to encrypt it in the first place. Why don’t companies put more effort into encrypting data? The answer is, because the expense of encrypting can be high. It’s mandated and is not always included in the annual operating budget. They could obviously purchase an inexpensive off-the-shelf encryption software package for about $200. But the algorithms used won’t likely be sophisticated enough to adequately protect all of the data. Furthermore, securing a laptop is a far cry from securing the entire network of an international company, and a simple software package won’t get the job done. Let’s face it. Many of these hackers are talented. It’s not always some bored 8^th grader bored in her parent’s basement. Many of the most notorious hackers are foreign nationals of China, Ukraine, and Russia. Much of their dirty work isn’t even done on American soil, which makes identifying and capturing them complex if not impossible. So, I know I’m making excuses for them, because if the encryption were a high priority for these companies, they’d find a way to make it happen. I view it just like I view insurance, whether it’s car insurance, homeowner’s insurance, or flood insurance. You pay hundreds of dollars a year just in case you have a problem and need to file a claim. Some people may go decades without ever using their insurance. They pay month after month after month and never file a claim. But when you do have a problem, it’s a blessing to have insurance. Encrypted data is the same way. The effort and expense is great, and your data might never get compromised. But when it does, having encrypted stored data will be a blessing. You’ll be glad you went the extra mile.