With small business cyber crime on the rise, business owners need to do everything they can to protect themselves and their data. Here’s how encryption can help.
Encryption is a way to secure your data, either while it is stored on a system or device, such as a hard drive or smartphone, or while it is in transit, such as being transmitted across networks.
Encryption comes from the Greek word “kryptos,” meaning hidden or secret. When data is encrypted, it is transformed so that only the intended parties, who hold a secret key, can read it. This is done automatically by encryption technology, which uses an algorithm called a cipher to “disguise” your data and allows people with the right key to decrypt, or unscramble, the information and view the plain text. (For a more in-depth description of how encryption works, review this article from MakeUseOf.)
Encryption is used routinely in the digital realm to keep businesses and customers secure. For example, encryption protects your financial information at the ATM, or when you make an online purchase from a site that uses SSL.
For small businesses, encryption is an underutilized form of protection. When your information is not encrypted, you make a hacker’s job easier. Should they infiltrate your network, they will be able to easily use the plain-text information they steal. However, if your data is encrypted, they won’t be able to interpret it, or you will have at least made it much more challenging for them to do so. (Cyber criminals can take steps to decrypt data, but it requires tools, expertise, and time, so you’re very likely deterring all but the most persistent ones.)
The Role of Encryption in Healthcare Cyber Security
Cyber criminals target the healthcare industry more frequently than any other sector. IBM’s 2016 Cyber Security Intelligence Index, a survey of IBM’s Security Services clients, found that companies storing patient data experience 36 percent more security threats than organizations in other verticals. These companies are targeted frequently because of the high-value customer data they possess. People’s personal health and financial information is a prime target for thieves, who use it for identity theft or ransomware attacks. While many businesses use some form of encryption to protect data in transit, too few use it to protect data at rest. Healthcare data encryption is especially critical, particularly given the increased role portable devices like laptops, mobile phones, and flash drives play in business operations and the rise in data security threats.
A security breach isn’t just bad news for the clients whose information has been compromised; it is also bad news for your organization. According to the HIPAA Breach Notification Rule, organizations must “provide notification following a breach of unsecured protected health information.” If the breach affects more than 500 individuals, the organization also has to inform the media. That is certainly not the kind of press anyone is looking for.
Here is where encryption comes in. The incident is not considered a breach if the individual’s information is protected and the business can prove that the data has a low probability of being compromised. This is assessed using a variety of risk factors. Encryption is cited as one of the technologies and methodologies for “rendering protected health information unusable, unreadable, or indecipherable to unauthorized individuals.” In short, encryption can protect your customers and your company in the event of a security breach. (More information about this rule is available here. Businesses should read and understand HIPAA rules in their entirety and work with their legal counsel to understand their ramifications.)
According to the latest healthcare cyber security report by Redspin, Breach Report 2016: Protected Health Information (PHI), there was a 320 percent increase in the number of providers victimized by hackers in 2016 compared to the previous year. Most of these attacks targeted smaller offices. This annual report routinely includes recommendations for reducing vulnerabilities, and year after year, encryption makes the list. The latest iteration acknowledges the growing role laptops, smartphones, and flash drives play in companies’ day-to-day operations and, in light of this, describes encrypting data “at rest and in motion” as a “sure-fire, but still often neglected, way to avoid the breach report.”¹
Encryption is a valuable protective measure for all small businesses regardless of industry segment. It is a proven way to help protect your valuable data and should be part of your small business’s approach to data security.
Do you need assistance with small business data encryption? Anderson Technologies, a team of cyber security specialists in St. Louis, has extensive experience working with small businesses to keep their organizations secure. To learn more, call 314.394.3001 or email firstname.lastname@example.org today.
1 “Breach Report 2016: Protected Health Information (PHI),” February 2017, by CynergisTek and Redspin, pg. 18.