Encryption is one of the most effective ways of protecting private and sensitive data, but different rules and regulations across Europe can cause confusion. That could soon change, however…
It may be an inconvenient truth, but no business is immune from cyber attacks. Every business should consider itself a target, and every business should take necessary precautions to protect its vital data and systems.
One of the best defences is data encryption: used properly, it ensures that data is readable only by those it is intended for, and anyone else who tries to access the data is left with something totally unintelligible. In fact, it was recently revealed that the US National Intelligence Council has described encryption as “the best defence” to protect data, and that slow uptake of encryption technologies is one of the reasons why cyber attacks are still causing so much damage.
Encryption is nothing new, of course; records of it date back many hundreds of years. But as our world became more digital, so did encryption. In the 1970s, IBM proposed a Data Encryption Standard (DES) that would help secure transmissions between banks and other financial organisations. This was the standard for encryption until 2001, when it was replaced by the Advanced Encryption Standard (AES), which is still in use today.
Encryption is what will keep your data safe, even if it falls into the wrong hands. It’s what keeps your session secure when you are banking online, when you are emailing and even when you’re using popular social networks like Twitter and Facebook, which have both recently switched to using HTTPS by default.
More consumer-orientated services, like Snapchat and WhatsApp, encrypt messages by default, and Windows and Mac OS X both have encryption technologies built in.
So it seems that many of our online activities are becoming more secure by default, which is great news for consumers and businesses. But the increase in security sits alongside an increase in risk; private and sensitive data has never been under greater threat than it is now. Symantec’s 2014 Internet Security Threat Report revealed a 91 per cent increase in targeted attacks and a 62 per cent increase in the number of recorded breaches.
That’s why the European Commission is aiming to revamp data protection regulations across the EU. The General Data Protection Regulation (GDPR) will supersede the current EU Data Protection Directive, which doesn’t really take into consideration newer technologies and the effect of globalisation on data and its protection.
The GDPR aims to harmonise data protection rules across the member states of the European Union. Previously, different rules in different European countries made it difficult to create coherent data protection regulations and subsequent penalties for breaches, given the multinational makeup of many businesses.
Encryption is certain to play a big part in any new legislative framework. The Article 29 Data Protection Working Party of the European Union has suggested that those organisations across the EU that use encryption could be excluded from breach notification laws, as well as any resulting penalties.
However, it seems many businesses are simply not ready for the new regulations; in fact, according to a recent survey, many are barely complying with current rules and regulations. A survey of 1,500 workers across the UK, France and Germany found that 77 per cent are not confident that their company complies with current regulations.
Furthermore, one-fifth of respondents said their organisation is not encrypting personal data, one-quarter said they do not know if their business is using encryption, and 7 per cent said they don’t even know what encryption is. Finally, 62 per cent of respondents in the UK said their company encrypts laptops, compared to 56 per cent in Germany and 36 per cent in France. The UK was again on top when it came to encrypted mobiles, with 41 per cent, compared to 32 per cent in Germany and 21 per cent in France.
That statistic about how many companies encrypt laptops would certainly be much higher if businesses looked at hardware that had encryption built in. Lenovo’s ThinkPad notebooks, for example, come with Full Disk Encryption (FDE), which means all data on the drive is automatically encrypted with 128-bit AES encryption, without the need for any third-party encryption tools. Developments such as this make encryption a much easier and more cost-effective endeavour.
In addition, the new European regulations will help multinational businesses, and indeed all businesses, to create coherent data protection strategies, which include encryption. The new EU rules should come into effect at some point in the next couple of years, so businesses should be looking at their encryption technologies now to assess whether they could be improved upon, to the benefit of all workers and customers.