A Basic Grid for Protecting Your Data

Feb 24, 2016

Sensitive information every business should keep encrypted.

A recent study by Sophos indicates that 87% of the organizations surveyed encrypt their data to some degree. They know it’s crucial to protect proprietary company data. But what other types of data are they encrypting?

If it’s sensitive data, a business should encrypt it. It’s one of those answers you know is right, but you don’t like hearing. The truth is that the type of business you run determines the data you create, use, and store. The best way to decide about encryption is to ask whether the data has any of the following characteristics. If it does, you should keep it encrypted.

Here’s What’s Sensitive

  • Your confidential business data – It’s likely most of this data falls under no compliance regulations. The irony is that it’s often the target of attacks. It could be worth billions of dollars. Why wouldn’t you want to encrypt this data? It keeps trade secrets, business intelligence, sales data, and research out of the hands of those who want to sell it to your competitors.
  • Accounting data – The Sarbanes-Oxley Act regulates the reporting of financial data by public companies. It requires stringent and auditable data security measures. Encryption is the best way to comply.
  • Government data – All U.S. governmental agencies are required to follow FISMA guidelines to protect data from security breaches. Does your company work with a government agency? You risk more than losing them as a customer if that shared information is compromised. Information about government programs falls under these regulations.
  • Health data – The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services to develop regulations protecting the privacy and security of certain health information. The Act was updated in 2013. Health insurance data, medical information, and identifying information such as home addresses or social security numbers must be kept private. It’s a requirement if it’s reasonable and appropriate to encrypt the information. If you’re audited, be prepared to demonstrate why you believe encryption isn’t necessary.
  • Financial data – This is any kind of financial data you store or use to do business with customers. It includes credit card information, bank account numbers, and credit-related information. PCI DSS regulations require strict security measures for any company that deals with credit cards. PCI DSS stands for Payment Card Industry Data Security Standard. These are standards merchants must follow, and they include encryption requirements.
  • Individual data – If your company collects data that could be used for identity theft, you must comply with U.S. and international laws governing Personally Identifiable Information (PII).

Encryption and the Cloud

Encryption has to be a part of every company’s cloud strategy. The good news is that your cloud service provider is on top of the game.

Cloud encryption services can provide protection of your data wherever it is located in the cloud. The policies for what should be encrypted, though, start with you.

4 Questions about Your Data

You know it needs protection. Encryption is the best solution. To make encryption the foundation of your data protection strategy, you need to know your data’s lifecycle. Ask these four questions. They’ll help you uncover areas of threat.

1. How does data flow into and out of your organization?

2. How do your organization and your people make use of data?

3. Who has access to your data?

4. Where is your data?

Not Just What, but When

U.S. government laws and industry regulations mandate that sensitive data must be protected. Compliance requirements and regulations for data security also apply to the state of data. It must be secure when it’s at rest, during transactions, and when it’s distributed through network connections.

The protection of data in its physical location and state has become even more important because of cloud storage and computing. Not all governments may yet demand cloud encryption. Your industry may just be coming around to a strong push for it. You might find that the loudest demand for encryption protection is coming from your customers. This is because most of the sensitive data companies keep is records of transactions with customers.
