Encryption and its role in data security
Businesses have always relied on data but as we gather more and more information, it’s created a situation where the security of the data is just as important as the info itself. Recent changes to UK and EU law have meant that data security is at the front of many people’s minds, particularly for confidential or sensitive data that some businesses need. The financial penalties for non-compliance also mean companies are no longer rejecting data encryption options based on cost, but are assessing them for the risk they help mitigate.
Encryption is simply the process of taking readable information using an encryption key to alter it into what appears to be gibberish. The encryption key both encodes at the sender’s machine and decodes at the recipients, and without it the message should be useless.
Why is encryption vital for all organisations?
Leaving data unencrypted on your network is an open invitation to cybercriminals, and one that could potentially bankrupt your business. But hackers can’t profit from data they can’t read. As a result, more organisations and individuals are using encryption to protect sensitive data stored on computers, servers and mobile devices like phones or tablets.
While the primary purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted via the internet or any other computer network, when implemented properly, it can also:
- Improve security
While we can take measures to protect IT systems and computers with firewalls and anti-virus software, these aren’t infallible against determined cyber attackers. Encryption rounds out your security arsenal by not only protecting data whilst in transit – when it’s at its most vulnerable – but also for other types of attacks, as managing to steal encrypted data is a lot of effort for very little gain, as the data is almost useless without the encryption key. - Maintain data integrity
Encryption also helps to reduce fraud by preventing data from being adjusted by unauthorised people. Hackers may not want to steal the info, but instead alter contact details or security questions, to allow another accomplice to phone up, be able to answer security questions and then commit fraud. Encrypted data could be adjusted, but once decoded, the alterations would be apparent and highlighted for fraud. - Help compliance
A key principle of the GDPR is that you process personal data securely by means of ‘appropriate technical and organisational measures’ and – where appropriate – look to use methods such as pseudonymisation (the practice of replacing identifying data with artificial values) and encryption. It’s therefore important that an organisation’s IT, security and legal teams work together to define what data their business needs to store, where it needs to be stored and the level of encryption that’s going to be used. - Protect data across devices
Mobiles and devices such as laptops, iPads and home computers are a big part of our lives and transferring data from device to device is a risky proposition. Encryption technology can help protect stored data across all devices, even during transfer. - Protect privacy and increase customer trust
Sensitive customer details, such as bank records, credit card numbers or order histories are simply expected these days to remain secure. Customers who don’t believe their information is safe are unlikely to allow businesses to use it, preventing them from collecting payments or processing orders. Encryption can be used to protect sensitive data, including personal information for individuals, helping to ensure anonymity and privacy, and increasing customer trust.
But while encryption is the most effective form of data security, on the whole it is still woefully underutilised. One reason for this may be that demand for computer science skills far outstrips the supply of qualified graduates.
The University of York’s MSc Computer Science with Cyber Security online Masters programme is designed to advance computational thinking; software development skills and develop a broad-based knowledge of computer science to equip working professionals and graduates for a range of positions in software and web development, IT systems, support and programming. The 100% online programme allows you to study around your existing work and home commitments, at different times and locations, and has six start dates a year. There is a pay-per-module option available, and students may be eligible for a government backed postgraduate loans which cover the cost of the course.