Do you have anyone working for you who would forget their head if it wasn't screwed on?
Even worse, does this person use a company laptop, or store data on a USB memory stick which they carry around with them?
If the wrong person stumbles across a misplaced laptop, it won't take them very long at all to extract sensitive business data from it if the only thing protecting that data is a password. About 4 minutes, in fact.
If it's not a laptop but a USB device which is found, then data can be accessed immediately because these usually aren't even protected by passwords. In 2013, A USB device belonging to the Suffolk County Council was found - it contained notes from the county's adult and community services department - including very sensitive information on clients.
In 2012, the Greater Manchester Police lost a USB device containing information about witnesses with links to serious criminal investigations. The device was stolen in a burglary. The force was fined £120,000.
A Solution to the Problem of Sensitive Data Stored on Portable Devices
In the cases mentioned above, the implications of data loss would have been far less severe if no-one was able to read the data they had found. This is possible with encryption.
For your business, you should be using device encryption - especially if anyone carries a device around with company information on it. A strong password and even two factor authentication on the login screen won't be enough, because the drive holding the data can just be removed and read from another device.
With encryption, your data remains encrypted regardless of where it is accessed from, or transferred to. Your data can be encrypted as soon as you created, and it remains encrypted regardless of whether it is transferred to a USB device or cloud storage system. This means that even if a cyber criminal obtained the device and removed the drive in order to extract the data, it would still be completely unreadable to them.
Encryption is Part of a Wider Security Strategy
You can't only rely on encryption to keep data unreadable on lost devices. The encryption will stop someone from being able to read the data by plugging the drive into another device - so they'll just turn their attention to forcing their way through your login screen instead. This is why it's vital to use strong passwords and two factor authentication as well as encryption on your devices to ensure the security of data.
Most passwords aren't strong enough, and can be cracked easily by cyber criminals. Using a strong password is vital, but you also need to add another layer of security with 2 Factor Authentication. This means a unique, time sensitive code needs to also be entered on login - and this is generated on a token or on your phone. Someone would need both your password and your token/app in order to log in.
We've Put together a short Cyber-Security guide for Your Business
This guide will show you in an easy to digest manner what you should and shouldn't do.
Click the button below to download the guide - Cyber Security Dos and Don'ts - and share is around your business: