The Files Every Business Should Be Encrypting Part 2
Welcome back to the second half of our two-part series on when and why your business should be using encryption. If you joined us last time, you’ve probably started to realize just how useful encryption is and that it can be applied to anything you’d like to keep safe from hackers, whether or not they make it past your firewall. In the first half, we covered encrypting client payment data at every stage and began to talk about the risk of identity theft if hackers get hold of either client or employee personal information. Let’s pick up where we left off: storing personal information once you’ve collected it.
Storing Personal Information
While companies may collect and delete personal information all the time, what you store is what hackers are most likely to target. Databases full of juicy information are exactly what they want, because each attack can then be a quick strike with a single goal and clear success parameters. All the hacker needs is one security breach to access a trove of personal data. Hackers who gain access to this collection of personal information might not even use the data themselves. There is a thriving black market for ‘client lists’ that can then be used to target hundreds to thousands of victims at a time for scams, fraud, and identity theft. As you may have guessed, the best way to stop these criminals in their tracks is to encrypt these files and the databases holding them. Encryption foils hackers by denying them the spoils of even a successful raid.
3) Encrypting All Logins
Logins have become a natural part of life. We log into apps, bank accounts, websites, online shops, and anything else a computer does that a person might want to access. However, no matter how familiar we may be with them, logins are not something to be taken lightly. The most important thing to remember about logins is that they handle authorization. Who is authorized to access client information? Only the client’s login and approved employees, right? This means that there are at least two different logins, one client login and one or more employee logins, that can get unencrypted access to client personal information, including payment card numbers, addresses, security questions, and the answers to those security questions (a very dangerous thing to have stolen). Logins must be protected at every level, and encryption is an important part of this.
Logging In Remotely
The first thing you need to remember about logins is that they don’t all happen on your network. In fact, clients log in on their own devices pretty much 100% of the time. They type in their username and password, then send that data to you over the web for confirmation. Right at that moment, a hacker doesn’t have to be in your network to steal the information; they just have to hack the client’s device or intercept the data packets containing the login in transit. This means that your website and mobile apps should be responsible for encrypting this information as soon as possible: ideally as it’s being typed, but more realistically when the user hits ‘send’, so that the data is encrypted and THEN sent. Encrypting on your end simply isn’t enough.
Storing Login Data
Having covered the responsibility to protect remotely, let’s come back closer to home and talk about receiving and storing login data. When a customer creates a login, they send it to you, preferably encrypted from the start. Your business then stores that information in an authorization database that will be used to check future logins for the correct credentials. Needless to say, your login databases for both employee and client credentials need to be encrypted. It may seem obvious now, but hackers in the past have absolutely been able to steal an entire collection of passwords and then steal from, scrape data from, or corrupt several customer accounts before they were detected and passwords were changed.
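An added example (not from the original article) of protecting a stored login database: for passwords, common practice is to store a salted one-way hash rather than reversibly encrypted text, so a copied database holds nothing that decrypts back to a password. CredentialStore, the sample usernames and passwords, and the scrypt cost settings are assumptions made for this illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Constructed scrypt cost settings for this example; tune them for your hardware.
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}

def hash_password(password: str, salt: bytes | None = None) -> dict:
    """Build the record to store: a random per-user salt plus the derived hash."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return {"salt": salt.hex(), "hash": digest.hex()}

class CredentialStore:
    """Hypothetical in-memory stand-in for the authorization database."""

    def __init__(self) -> None:
        self._records: dict[str, dict] = {}

    def register(self, username: str, password: str) -> None:
        self._records[username] = hash_password(password)

    def verify(self, username: str, password: str) -> bool:
        record = self._records.get(username)
        if record is None:
            # Do the same work for unknown users so timing does not reveal them.
            hash_password(password, b"\x00" * 16)
            return False
        candidate = hash_password(password, bytes.fromhex(record["salt"]))
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(candidate["hash"], record["hash"])

    def dump(self) -> dict:
        """What someone who copied the database would see: salts and hashes only."""
        return dict(self._records)

def demo() -> dict:
    store = CredentialStore()
    store.register("alice", "correct horse battery staple")  # constructed sample
    store.register("bob", "correct horse battery staple")  # same password, new salt
    stolen = store.dump()
    return {
        "good_login": store.verify("alice", "correct horse battery staple"),
        "bad_login": store.verify("alice", "wrong password"),
        "unknown_user": store.verify("mallory", "anything"),
        "hashes_differ": stolen["alice"]["hash"] != stolen["bob"]["hash"],
    }
```

Because each user gets a separate random salt, two customers with the same password produce different stored hashes, so one cracked entry does not expose the other.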
4) Sensitive Business Information
Our final note on encryption is something you’ve probably already been thinking about. Every business, no matter how transparent, has a few things that it’s best to keep private. Neither your competitors nor your customers need to know the exact details of your financial information nor do they need access to your internal work product. However, from R&D results to the monthly budget analysis, you can bet that a hacker will find a way to use any information they can find to their benefit. If there’s anything you’d like to keep private or simply don’t feel like sharing with an unusually successful hacker, encrypt it and keep it encrypted.
Your business finances are part of the private workings of your company. They not only show the overall health of each location and the business as a whole; they can also reveal the ways you do business, who you do business with, and important clues about how you maintain your edge against the competition. Even if you don’t feel that there’s anything to hide, it’s important to understand how others can use your financial information against you. At best, hackers might try to access bank accounts they now have account numbers for, and at worst, they might use signs of a recent financial struggle to hurt your stock prices or try to ruin someone’s career. By keeping every financial document encrypted, down to expense account receipt scans, you ensure that your finances remain a private matter to be handled internally.
Finally, the last thing you need to worry about encrypting (for now) is your trade secrets. Every company has some way it maintains an edge over its competitors, from a restaurant’s secret ingredient to an incredibly well-written algorithm for your B2B software platform. Don’t fool yourself into thinking that hackers are too unsophisticated to understand the importance of these secrets. The black-hat community has recently been discovered to be using hacked hotel Wi-Fi just to steal trade secrets from the laptops of traveling high-level professionals. Consider encrypting anything private that you wouldn’t share in a report, because hackers can and will seek it out to sell to your competitors.
It doesn’t matter what industry you’re in or even how many customers you serve a year. If you run a business, handle payments, keep personal data, or want to maintain an edge in your industry, it’s important to know exactly when and where to encrypt. Because cybersecurity is a constantly evolving practice of better hacks and better defenses, security breaches will happen. If one happens to you, make sure the black-hat criminals come away empty-handed. For more news, tips, and trends in business cybersecurity and data encryption, contact us today!