Over the last few years, IT and information security departments have been faced increasingly with a double whammy – the growing severity of data breaches and increasingly stringent data security and privacy regulations. COVID-19 and the almost overnight change to remote working, served as the final nail for many with IT architectures not set up to handle these new scenarios.
The current adoption of work-from-home policies across industries has created unprecedented opportunities for cybercriminals to exploit security vulnerabilities and trigger a data breach.
As Sandy Shen from Gartner notes, the COVID effect “Is a wake-up call for organizations that have placed too much focus on daily operational needs at the expense of investing in digital business and long-term resilience.”
In April 2020 Google reveled that in just one week gmail saw over 18 million daily malware and phishing emails related to COVID-19. Individuals were (and still are) being sent a huge variety of emails which impersonate authorities, such as the World Health Organization (WHO), in an effort to persuade victims to download software or donate to bogus causes. The numbers are not surprising however, even before the pandemic hit us, email continued to be the number one threat vector in cybersecurity.
Together, all these issues have contributed to a rush from organizations to consider data centric solutions rather than perimeter solutions, with an eye firmly on securing sensitive data and services across all channels.
As more email and file sharing applications are hosted in virtual, cloud-based and hybrid platforms, protecting the confidentiality and integrity of enterprise data can be difficult. Data encryption is an obvious solution, but with many point solutions on the market, these address just one part of the puzzle. This in turn introduces an increased level of complexity when it comes to managing multiple data security solutions. And what of the increased levels of trust demanded by extremely sensitive data sets such as those classified as governmental or organizational top secret.
Encryption can be viewed as complex, and the management of encryption keys can be challenging for those organisations without strong security specialists. It’s important to remember that whoever controls the keys controls access to the data.
- Start with your data and operations. How you work and how you value your data is most important: the tool should fit you, not the other way round.
- Select encryption and key management technologies that offer a smart, centralised approach. Once data’s lost it’s lost, so no good building a fortress around your datacentre if your laptops are leaky.
- Ensure the tools fit your environment and work across clouds, on-premises and in data centres. Consistency is key – less to learn, less to go wrong, greater business agility.
- Implement strong identity technologies: hardware-backed PKI for machines, multi-factor authentication for humans
nCipher and Galaxkey have partnered together to provide an easy to use, high assurance encryption platform that allows users to encrypt their email and file data, no matter the network they traverse or where they are stored – so you can sleep peacefully at night!
If you’d like to learn more about protecting your sensitive email, files and electronic document signing, why not check out our webinar with Galaxkey.
Click here to register for the live webinar on July 16, or view on-demand later