Picture this: You're Ethan Hunt and you've been assigned to a new impossible mission. Your assignment is to steal a laptop containing sensitive information from an evil corporation and decipher it. Through a series of magnificant feats - overcome with the help of your high-tech utility belt - you finally get your hands on the laptop. Surrounded by your team of code-crackers, you open the laptop expecting the code to be as indecipherable as your girlfriend's mood. Surfing through the laptop's contents, the mission takes a rather possible turn. All of the communication and incriminating information thought to be impossible to interpret is laid out, un-encrypted and as vulnerable as a snowball on a hot summer day. Sounds far-fetched right? Not quite. A large portion of both good and evil companies today are woefully lacking in the area of file encryption. This is why we're introducing Un-Encrypted Files as the sixth SOPHOS Deadly IT Sin.
There is no immunity to the damage that comes from someone gaining access to your company’s files. Organizations face the enormous expense of mailing written breach notifications and making available identify theft protection services for hacked information. For example, healthcare companies that have been infiltrated face steep penalties under the HIPAA enforcement rules as well as civil lawsuits brought by individuals with breached information.
Typically when we think of attacks and infiltration, there is some black hat hacker posing as a janitor, waiting for 5 PM clockout so he can wipe his target's network clean. However, more and more often thieves are going after painful weak spots like company laptops and smartphones. Even geniuses aren’t invulnerable to attack, back in 2012, NASA had a laptop stolen from an employees locked car. The data on it was un-encrypted.
According to Richard J. Keegan Jr., associate deputy administrator of NASA, “the laptop contained records of sensitive personally identifiable information (PII) for a large number of NASA employees, contractors and others… Although the laptop was password protected, it did not have whole disk encryption software, which means the information on the laptop could be accessible to unauthorized individuals… Because of the amount of information that must be reviewed and validated electronically and manually, it may take up to 60 days for all individuals impacted by this breach to be identified and contacted."
Your company can avoid having to make statements like that if you follow a few key steps:
- Use full-disk encryption on all laptops
- Use server encryption
- Encrypt your email
- Implement file encryption across cloud and mobile devices
Hopefully you aren’t the kind of evil corporation that Ethan Hunt has to take down, but if you want to defeat bad guys, then now is the time to start looking for options to help you avoid the stiff penalties.
Want to know how VLCM and SOPHOS can help you protect yourself and your company?