Encryption tools began to be talked about especially in the context of the GDPR. But be aware that encryption is one of the basic safeguards for both personal and company data. In my opinion, it is necessary for portable data devices.
Have you ever lost a flash drive or a recorded CD / DVD? It happens very often, it also often happens that we lend pendrives to friends or colleagues, on which there are already some files with a number of important or even very important data, whether business or personal (photos, research results)
Have you ever had your laptop stolen from a car while in a hipermarket? I know at least a few such cases.
Of course, you can have a car or property insurance, but we will only get compensation for the equipment, not the data. Importantly, anyone can access unencrypted data on such media or device.
What usually falls prey to data thieves? Personal data of employees, customers, suppliers, contracts, offers, orders, CVs of employees and job candidates … As you can see, this is both personal and business data. Loss of business data can mean a company’s financial loss.
I can tell you a story that happened to me many years ago in one of the enterprises with which I cooperated. An offer for a delivery worth many millions of zlotys was prepared as part of public proceedings, on which the company was to earn several hundred thousand. The offer, as required, was submitted on time, but unfortunately it turned out that one of the competitors submitted an offer with exactly the price differing by exactly 0.4% in each item. It could not be an accident – because cases of this type are less likely than winning six in a lottery. Why did this happen? Well, the data with the offer was neither protected by any password nor encrypted. Someone “writing colloquially” stole the data and gave it to the competition. Such an event should not take place in the case of a carefully developed IT security policy (be it data encryption, DLP system or the development of proper access to network disk resources – preferably a set of these tools).
Life is one thing and legal regulations are another thing – let us recall what Article 32 GDPR says on the security of processing: “/ … / the administrator and the processor implement appropriate technical and organizational measures to ensure a level of security corresponding to this risk, including, but not limited to case: a) / … / encryption of personal data / … / “;
The solution should
So the answer whether it is worth encrypting data is obvious … worth it, because lack of encryption can cost. And I do not want to duplicate here information about potential penalties arising from the GDPR, but we should realize that “regretting” the amount of 100 zlotys per year per position, we may lose several (several dozen, several hundred) thousand zlotys.
Do you encrypt your data?
Author: Przemysław Kucharzewski