Unencrypted Data: A Villain in Disguise
Data breaches are on the rise, and new threats are emerging every week. These cyberattacks harm companies and consumers, and their cost is rapidly rising. In fact, a recent study conducted by the Ponemon Institute and IBM Security put the average cost of a data breach at $3.86 million.
With the use of robust encryption, those costs could potentially be reduced or completely mitigated. After all, when there is a breach, the real harm comes when the cybercriminals can read and use the data they have gained access to. If no one can decipher the contents of the stolen files, there’s little risk of harm.
However, many companies don’t encrypt their data. Instead, they rely on other security technologies that protect data access, rather than the data itself. Companies that do use encryption often use it inconsistently. One recent study from a data security provider Vera, indicated that a mere percent of breached files were protected with encryption. Data from another Ponemon Institute study tells us that just 45% of companies have an encryption strategy applied consistently across their business.
Unencrypted Data Is a Liability
Encryption comes with a cost, and it’s not always easy to implement. Many companies fail to build encryption into internal security processes or employ digital rights management to help control file access.
Employees themselves continue to present a large obstacle. The Ponemon study found that 54% of companies consider employee mistakes the biggest threat to sensitive data, more than external hackers or malicious insiders. In addition, 69% of companies said that just figuring out where sensitive data resides in the organization was the biggest challenge to implementing encryption.
Other hindrances to a successful encryption strategy included figuring out what data to encrypt and developing a process for encryption key management, which is difficult, according to many respondents to the Ponemon study. As a result, end users sometimes find work-arounds to avoid using cloud security controls and other tools, because the solutions are difficult to use and they aren’t sure what they are supposed to be encrypting in the first place.
MSPs have an important role to play in helping their clients address these encryption challenges. Successfully doing so will not only help clients protect their data, but it will also reduce the costs and damage when breaches inevitably occur.
How can MSPs help? There are a few approaches to take:
- Help your clients conduct security audits. They may be doing their own internal audits, but the IT team isn’t necessarily an objective judge of their performance. An audit will not only help identify potential vulnerabilities, but it will also help clients identify what data needs to be encrypted and where it currently resides in the organization.
- Walk clients through their options when it comes to the level of encryption they may need. This will vary by industry (healthcare, for example, has stringent and well documented requirements) and could be impacted by the type of remote services you already provide.
- Help your clients establish encryption policies based on their business requirements, and offer guidance for leveraging technology to enforce those polices through training, automation and controls/management tools.
- Take advantage of available encryption capabilities in your managed services tool set. Barracuda Essentials, for example, provides outbound email protection using encryption.
- Leverage security event data to make the case for encryption, and help clients identify their most vulnerable data stores. For example, Barracuda’s EventLog Analyzer for the Web Application Firewall automatically collects and analyzes data and creates ready-made (and easy-to-understand) reports on user activity, attack mitigation and other security incidents.
Data threats aren’t going to decrease over time, and cybercriminals are becoming more inventive. It’s no longer enough to rely on just securing data access points; the data itself needs to be encrypted. Encryption can be challenging and complex, but given the rising cost of data breaches, the investment will be worth it for MSPs and their clients.
Neal Bradbury is Senior Director of Business Development for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for generating greater business value for the company’s MSP partner community and alliance partners.
This guest blog is part of a Channel Futures sponsorship.