With most businesses issuing laptops and other mobile devices in place of desktop computers, remote working is becoming increasingly popular. This area of IT security often gets overlooked: what happens if the files and data stored on a company mobile device are stolen or lost?
Even if a device is password protected, with a screwdriver it's easy to remove the hard disk, hook it up to another computer and copy files. If that data includes sensitive business information, it could harm your company or even leave you in breach of the GDPR.
Encryption scrambles data
Encryption can be used to scramble the data stored on your laptop, mobile device or on external media like USB drives and memory sticks. This makes it virtually impossible for hackers to decode the information without knowing your individual password or encryption key - even if they get their hands on the media on which your data is stored.
Encryption is very secure because it rearranges the data in such a way that it's virtually impossible to make sense of until it has been decrypted.
Technically, hackers could break into an encrypted file, but it's so difficult and would take so long that doing so is impractical.
Encryption should be standard practice
There's a very good argument that encryption should be standard practice for any company that issues laptops and mobile devices to its staff:
- It adds an extra level of defence. With laptop encryption and external media encryption, even if a staff member loses the item containing the data, the data itself will be secure.
- It's a reliable way to protect data. When set up correctly, encryption is nearly impossible to break. It probably won't stop a thief reusing the hardware, but it will prevent them accessing the files on it.
- It's unlikely to cause disruption to your staff. There are lots of ways to implement external media and laptop encryption, so you should be able to find one that doesn't significantly affect your business processes.
Using laptop encryption can reduce the performance of your computer, especially if it's a few years old. This is because your computer has to put a lot more effort into working with encrypted files than unencrypted ones.
There are two main options for encryption:
1. Data-centric encryption:
This approach to encryption encrypts data as it's stored on the system. This protects files on the main disk and gives you the option to secure data on external media like USB keys.
Data-centric encryption has the minimum impact on performance, because you only encrypt important data, not application or operating system files.
To set up data-centric encryption, you need to define encryption settings so your device knows which files to encrypt. How you do this will depend on the software you use, but typically the settings are in a management console.
Once you've done that, data will be encrypted automatically, without you having to do anything else.
Additionally, if access levels for your company's IT systems are managed centrally, you can create encryption settings which allow encrypted data to be easily shared between people in your company. This means your employees don't have to encrypt and decrypt files when sharing them.
2. Full disk encryption:
The most secure option is to encrypt all the data on your devices. You can be completely confident your data is protected, although the performance cost is higher because every single file has to be encrypted or decrypted.
Implementing full-disk encryption can also be tricky if your company's computers are managed centrally. You can't generally encrypt external media, and full-disk encryption can also interfere with software updates, meaning you'll have to change how you roll these out.
Most companies find data-centric encryption is the best of these two encryption options, as it's usually easier to set up than full-disk encryption, and has less impact on device performance.
Hardware or software encryption
Many hard disks are now available with encryption built in. These 'self-encrypting drives' don't affect computer performance as much, because the encryption is performed by a dedicated computer chip.
However, self-encrypting drives do not help you to encrypt data stored on USB keys. For this you still need to rely on software encryption.
Performance issues with software encryption are fading. Modern computer processors are designed to handle encryption, so the performance impact is negligible with newer computers.
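To see which volumes on a laptop actually sit behind software encryption, including the USB keys that self-encrypting drives do not cover, the following added example (not part of the original article) audits the JSON output of the Linux `lsblk` tool. It assumes a Linux device using LUKS/dm-crypt; the sample data is constructed, and hardware self-encrypting drives are not visible to this check.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT,RM` output
# (not from a real machine): encrypted root, plain EFI partition, plain USB key.
SAMPLE = json.dumps({"blockdevices": [
    {"name": "nvme0n1", "type": "disk", "fstype": None, "mountpoint": None,
     "rm": False, "children": [
        {"name": "nvme0n1p1", "type": "part", "fstype": "vfat",
         "mountpoint": "/boot/efi", "rm": False},
        {"name": "nvme0n1p2", "type": "part", "fstype": "crypto_LUKS",
         "mountpoint": None, "rm": False, "children": [
            {"name": "cryptroot", "type": "crypt", "fstype": "ext4",
             "mountpoint": "/", "rm": False}]}]},
    {"name": "sda", "type": "disk", "fstype": None, "mountpoint": None,
     "rm": True, "children": [
        {"name": "sda1", "type": "part", "fstype": "exfat",
         "mountpoint": "/media/usb", "rm": True}]},
]})


def audit(lsblk_json):
    """Return [(mountpoint, device, removable)] for every mounted volume that
    has no software-encryption layer (LUKS/dm-crypt) anywhere above it."""
    findings = []

    def walk(node, encrypted, removable):
        # Encryption and removability are inherited from parent devices.
        encrypted = (encrypted or node.get("fstype") == "crypto_LUKS"
                     or node.get("type") == "crypt")
        # Older lsblk versions report RM as the string "1" instead of true.
        removable = removable or node.get("rm") in (True, "1")
        mount = node.get("mountpoint")
        if mount and not encrypted:
            findings.append((mount, node["name"], removable))
        for child in node.get("children", []):
            walk(child, encrypted, removable)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False, False)
    return findings


if __name__ == "__main__":
    # Findings need triage: an EFI system partition is normally unencrypted.
    for mount, name, removable in audit(SAMPLE):
        kind = "removable media" if removable else "internal disk"
        print(f"UNENCRYPTED {kind}: {name} mounted at {mount}")
```

On a real device, pass the text produced by `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT,RM` to `audit()` in place of the sample.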