Encryption is a basic term used to describe the act of encoding data, files, and digital communications such that only those with the cipher could read or understand the information. Think back to the decoder ring you got in your cereal box; the messages it decoded were encrypted. There are many different encryption algorithms used today (3DES, AES, etc.). The technical aspects of encryption are less important to attorneys practicing data privacy and security law than the actual application of encrypting your sensitive data. Below are four common areas where data breaches occur and where you should be particularly conscious of your use of encryption.
USB & Portable Drives:
USB keys or thumb drives pose an enormous risk to data privacy and security. These small devices are easily lost or misplaced. Can you quickly and easily identify which of your devices have sensitive data stored on them? Any portable device that is used to store client data of any kind should be encrypted. Both Windows and MacOS have a method of quickly and easily encrypting such devices.
File Sharing & Transfer sites:
Today it is very common for attorneys and clients to share and transmit large files via cloud based services like Dropbox, Google Drive, etc. Not all of these services are equal. In fact, many of these sites have multiple service levels. There is a difference between Dropbox and Dropbox for Business for instance. You want to be sure that any file sharing site you use not only encrypts your files in transport (as you upload them to the site) but also in rest as your files are stored in the cloud.
Most email communication today uses Transport Layer Security (TLS) to encrypt the message in transit. If you are sending sensitive information via email you want to make sure that not only your organization is using TLS but that the recipient’s mail servers are configured to use TLS as well. There are also many methods of encrypting an individual email message prior to sending it via your organization’s email system.
Have you or a colleague ever left your laptop on the plane or had it stolen out of your car? A simple user name and password is not enough to keep the data contained on your hard drive safe. Your laptop’s hard drive should be encrypted in order to prevent unauthorized access to your sensitive data.
**** Please contact your IT Department for more information about your organization’s policies and preferred methods of encrypting your data for each of these areas. ****