Data is of paramount importance to any business but if it is accessed by unauthorised individuals or even criminals it could have a range of damaging implications. If your business handles confidential information it is worth considering using encryption in order to ensure that if data gets into the wrong hands, the details in this data cannot be accessed.

How does encryption work?

Encryption uses a key to encrypt data and that same key is needed to decrypt the data. The process of encryption runs the data through a formula meaning it cannot be understood by a third party. Encryption can be carried out on data that is stored but it can also be used in transferring data, i.e. via email.

Storing Data and Transferring Data Storing data

When storing sensitive data whether it is a backup or working data, you should always check what level of encryption is used.

Whether it is in the cloud or a physical backup, you should know where the data is at all times.

Transferring Data

When moving sensitive data it is important to encrypt this in case of loss.

Transferring data electronically is preferable as even if removable devices such as memory sticks are encrypted, these can easily be lost. Information Commissioner’s Office In the event of data being lost or stolen, you may need to notify the Information Commissioner’s Office.

If you have encrypted the data, the consequences may not be as severe due to you taking greater steps to ensure the data cannot be interpreted, even if it is intercepted. It is important to remember that the level of encryption used with be determined by the sensitivity of the data you are dealing with.

The implementation of this will also vary in complexity therefore you may need to consult your IT department or a specialist.

Emails

Emails have become a way of life; they are used at work, home, on the move and transcend geographical barriers. However, this development in communication has also lead to nearly 50% of all emails sent being spam.

Below we take a look at some of the vulnerabilities and how these can be protected.

Dangers of Emails

Shoulder surfing – With the increase in mobile technology, employees can now work from practically anywhere, whether this is with their mobile, laptop or tablet. The danger of this is that when working in a public place, someone nearby may take the opportunity to watch what you are doing. Be careful when opening sensitive emails in a public place. This also applies to working with any sensitive data.

Phishing emails

Phishing refers to the process of deceiving recipients into sharing sensitive information with an unknown third party (cyber criminal). Despite many tools in place to prevent them, phishing attacks continue to be a menace to individuals, employees and businesses. When phishers launch attack, they usually set up a malicious landing page that closely resembles the web page of a trusted brand or stakeholder. This makes it easier to convince victims into responding to a call-to-action, such as clicking on links, downloading and filling out forms.

Attachments and spelling mistakes

If the email is from someone you do not know and is unexpected, you should be cautious about opening any attachments as they could be harmful to your computer. In order to identify a phishing email as well as unusual attachments, you can look out for spelling mistakes or even an unusual email address that sent the email in the first place.

Spear Phishing

These are specific phishing emails targeted directly at your business. They are often harder to detect as they are likely to be from a company you do business with and will seem rather plausible.

Working Securely

Secure Email – There are certain email systems that operate much more securely and offer higher levels of encryption so anything passed through them is much more protected.

Encryption

Encryption is discussed in detail in another Advice sheet but it would essentially mean securing the contents of the email, i.e. attachments before they are sent so that if intercepted, the contents cannot be read.

Staff training

Human error plays a large part in criminals gaining access to your business via email. It only takes one person to open an attachment or click a link which could jeopardise your whole computer network.

It is important that all staff are aware of the risks and are always cautious of unexpected emails.