Encryption only works if you use it

Once again, a device theft has left the personal health info (PHI) of 11,000 patients out in the open because the device was unencrypted. But when you look deeper into the problem, the organization did actually have an encryption policy; the encryption was simply deactivated. User error effectively contributed to this breach in a completely unintentional way.

The SC Magazine Data Breach blog brings to light a different kind of issue for organizations that are required to protect sensitive information: when you have an encryption policy, how do you enforce it and ensure users don’t purposely or accidentally subvert it?

There are ways to prevent this. Even without knowing all the circumstances of the situation, some best practices can be implemented to limit this type of exposure:

  • The foundation of any data security solution (at a device level) should be full disk encryption.
  • Pre-boot authentication should be the primary (first-line) defense for access security.
  • OS-based passwords (i.e., when you get to the Windows log-in screen) should never be the primary point of device authentication.
  • If possible, leverage a centrally managed solution that allows IT to keep tabs on the status of all devices accessing organizational data to ensure they’re compliant with information security policies (i.e., encrypted).
  • Make sure the device (when in a managed environment) checks in frequently with the central management server to ensure it’s in a compliant state, so IT admins can take appropriate action if it is not.
  • Where possible, limit a user’s ability to turn a device’s encryption on or off.
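As an added example (not from the original post, and not SecureDoc's API), the checklist above can be expressed as a server-side policy check over device check-in records. The record fields, the 24-hour check-in threshold and the sample devices are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_CHECKIN_AGE = timedelta(hours=24)  # assumed policy threshold
NOW = datetime(2015, 1, 20, 12, 0, tzinfo=timezone.utc)  # fixed for the sample

# Constructed sample check-in records; field names are hypothetical.
SAMPLE_DEVICES = [
    {"host": "lt-001", "fde_enabled": True, "preboot_auth": True,
     "user_can_disable": False, "last_checkin": "2015-01-20T08:00:00+00:00"},
    {"host": "lt-002", "fde_enabled": False, "preboot_auth": True,
     "user_can_disable": True, "last_checkin": "2015-01-20T11:00:00+00:00"},
    {"host": "lt-003", "fde_enabled": True, "preboot_auth": True,
     "user_can_disable": False, "last_checkin": "2015-01-15T09:30:00+00:00"},
    {"host": "lt-004", "fde_enabled": True, "preboot_auth": False,
     "user_can_disable": False, "last_checkin": "2015-01-20T10:15:00+00:00"},
]


def evaluate(device, now):
    """Return the list of policy findings for one device record."""
    findings = []
    age = now - datetime.fromisoformat(device["last_checkin"])
    if age > MAX_CHECKIN_AGE:
        # A device that has not reported recently cannot be assumed to
        # still be encrypted, so the last known state is not trusted.
        findings.append("stale_checkin")
    if not device["fde_enabled"]:
        findings.append("encryption_off")
    if not device["preboot_auth"]:
        # The device relies on the OS log-in screen alone.
        findings.append("no_preboot_auth")
    if device["user_can_disable"]:
        findings.append("user_can_disable_encryption")
    return findings


def noncompliant(devices, now):
    """Map host name -> findings for every device with at least one."""
    report = {}
    for device in devices:
        findings = evaluate(device, now)
        if findings:
            report[device["host"]] = findings
    return report


if __name__ == "__main__":
    for host, findings in noncompliant(SAMPLE_DEVICES, NOW).items():
        print(f"{host}: {', '.join(findings)}")
```

The stale check-in case matters as much as the explicit "encryption off" report: a laptop whose encryption was deactivated after its last check-in still looks compliant until it reports again.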

There are plenty of other best practices, but from a foundational level, these are always a good place to start. And of course, SecureDoc can address all of this!
