In the wake of the Ed Snowden ‘PRISM’ disclosure, the news agenda is once again focused on privacy and security, which is never a bad thing to be talking about. Worrying about your online privacy is one thing, but before you start panicking about government snooping, perhaps you should look a bit closer to home and ensure you’re doing all you can to stop your information from falling into the wrong hands should the worst happen.
One of the things we get asked about a lot by clients is encryption: specifically, what encryption is and how they can use it to secure their (and their clients’) data. Rather than explaining individually every time we get asked, it seemed like a good idea to write a blog post about the process – and the recent news seems to make it just that bit more relevant too!
How does encryption protect my data?
The type of encryption we set up for our clients is a system called ‘full disk encryption’. In a normal, unencrypted computer, the hard disk drive contains all the files you’ve saved there. This drive can be removed from your computer or laptop and inserted into another machine, and the files can be read, regardless of whether you have a login password on your computer.
In basic terms, this means that should you have a computer or laptop stolen, even if an attacker can’t log in to your Windows account they can still remove the hard disk and read the data. For most businesses, this will mean crucial client data and confidential information will be available to the thief. Chances are, they probably don’t want the data, but if they are clued up (and the data has a value to someone – a competitor, a newspaper, cybercriminals) then they can sell or trade the information from your machine.
With full disk encryption, the data on the hard disk drive is completely scrambled. When you boot up your computer, or resume it from sleep/hibernation, you have to enter your secret ‘key’ (password) to unlock the data and allow the computer to boot. If you forget your key, the machine is rendered useless. Should an attacker steal your computer, they will be unable to access any data at all from the hard disk drive unless they know your key, even if they remove the drive and try from another computer.
Does full disk encryption slow down my computer?
No, the performance reductions from full disk encryption are negligible enough that unless you’re running very intensive applications you shouldn’t notice any difference. Most new ‘business grade’ computers (from around 2011 onward) include built-in support for encryption processing, which makes the process even more efficient.
Who needs full disk encryption?
In our opinion, any business that takes a laptop out on-site with data that is critical or private to them, or that takes client records or data out on a laptop, should definitely have that laptop encrypted. It’s so easy to leave a machine on a train, or have a bag stolen. Plus, the fallout from the loss of confidential data can be incredible, with fines (and custodial sentences) from the ICO for data protection breaches, plus possible court action from those affected – let alone the bad publicity that can damage your reputation.
Company desktop computers that store sensitive information, like the accounts or payroll, are also good candidates for encryption, as again the data is valuable to thieves from a resale point of view.
In fact, unless a company has nothing of value stored on their desktop computers, they should consider an IT policy that mandates encryption of the computers in the business. If nothing else, it’s a huge reassurance to know that a thief will have no access to anything of value (and you won’t have to make that embarrassing call to your clients to tell them their data is missing) should your computers be stolen.
What does full disk encryption cost?
We recommend an open source product called TrueCrypt for our disk encryption needs, because the algorithms it uses mean your data can still be decrypted should the software be made redundant – meaning you don’t lose any data and you’re not tied to a particular product. It also has the benefit of being completely free.
Of course, full disk encryption can be tricky to set up unless you know what you’re doing, so you may wish to factor in the cost of an engineer to assist you. We’re happy to help you get your laptop, desktop or office computers encrypted and normally estimate the set-up to take around 30 – 60 minutes per machine.
If you’d like a quote for getting your systems secured, please drop us a line with your details and we’ll prepare one for you!