17 October 2011 (#NCSAM – National Cyber Security Awareness Month)

Encryption:

To encrypt or not encrypt, that is the question (a hat tip to the Bard of Avon).

In this day and age of digital data thefts, careless loss of hardware and infusion of crimeware / malware, in my opinion it pays to encrypt.  When and what should be encrypted?

For the family – if you aren’t encrypting your entire hard drive (and your back up drives) and opting for selective data encryption, then you should focus on your personal health information, your financial information and anything that could be used in a manner detrimental to you and your family interests.  If your device has an SSD (solid state drive) you should also consider full disk encryption, as it serves two purposes – one it protects your data today and two, when you destroy the key file off the drive, it protects your drive upon unit disposal, as overwrite methodologies used with standard magnetic drives is not applicable to SSD.

For the business – you should encrypt period.  An encrypted drive, lost or misplaced becomes a paperweight to the individual who finds (stole) the device.  Safe harbors exist with respect to breach notifications for encrypted devices.  Now it is equally important to use the encryption.  I have seen in my professional career, far too many instances of encryption being provided to an employee and the employee opting NOT to turn on the encryption due to degradation in throughput.  So don’t let the convenience factor trump your data security.

Stay safe and secure,

Christopher

SSD’s and the Importance of Encryption by Emmitt Jorgensen