January 2009                                                E-Newsletter
 
Geek-Gurui
 
Encryption  The low down on encryption

So Christmas is over for another year and 2009 brings new business opportunities and new IT challenges. Over the last few months we've been focusing on various security challenges and this month we will be dealing with the topic of encryption.

If there's one thing that could save your business both money and embarrassing PR or litigation it's ensuring confidential data does not end up in the wrong hands. From business e-mail to roaming laptops, USB disks to servers, the key to protecting your important data is encryption.

Encryption may seem daunting at first glance but it needn't be a complicated topic. The most important point to remember is that anywhere you might store or transmit data there is a risk of that data getting in to the wrong hands. The more 'steal-able' the medium, the greater the risk so items such as laptops and USB disk pose the greatest threat. The good news is there are numerous very capable encryption technologies just waiting so protect your data and it needn't cost of fortune.

This newsletter highlights the main areas of concern and please feel free to get in touch if you'd like more information on any of the topics covered in this issue.
Contact Us
We want these newsletters to be useful; a source of insider IT knowledge and inspiration. If you feel there is more we can do to make this newsletters useful to you and your business please 
e-mail us


Can't read this properly? Click to open in browser 
 
Laptop

Laptops - Your finest IT asset and worst IT enemy.

 There's no doubt that laptops are of huge value to modern businesses. The ability to take your work with you when you leave the office has made home working a reality for even the smallest businesses, has meant your sales team can take their IT resources with them wherever they go and has made businesses of all sizes more flexible and client focused.

With all these benefits it's no wonder that year on year the growth in laptop sales has far exceeded the growth of desktop PC sales with total sales of Laptops expected to outstrip desktops within the next 2 years.

The security issue with laptops comes about from the very reason for their popularity; the ability to take your work away from the office. By their very nature laptops are far more likely to be lost or stolen than their office based cousins and with the hardware also goes your confidential data, secure links in to your company network (such as VPNs) and any expensive software licenses or keys you may have purchased. Hardware can easily be replaced but a loss of confidential data can be far more problematic.

Protecting your business laptops from these risks is not difficult and here are the Geek-Guru guidelines for laptops security:

  • The first step to laptop security is defining a clear laptop policy as part of your standard IT policy (you do have an IT policy right?). This should clearly define what employees are and are not allowed to do with their laptops and also allows you to disseminate guidelines for keeping laptops secure.

  • Ensure employees know how to look after their laptops and where to leave them when they are away from work (not the back seat of the car for instance).

  • Install encryption software. Software can be installed (such as PGP featured below) that will encrypt the entire contents of a laptop using military strength encryption. By today's standards these are completely impenetrable and would mean the data stored on a laptop is completely safe if the laptop is ever lost or stolen.

  • Ensure you have an enforced password policy in place and that users know the importance of secure passwords. Even if you use encryption software it's only as secure as the password used to access the data.

  • Upgrade your laptops to Vista Enterprise or Ultimate. These versions of Vista come with a full-disk encryption package called bit locker which protects your data automatically at all times.

By following these guidelines you can minimise the risks of laptop theft and ensure that if the worst does occur and a laptop goes walkies it is nothing more than a financial annoyance.

Feel free to speak to one of the Geek-Guru engineers about any of these topics or drop us an e-mail if you require any additional information.

Do we need to encrypt desktop PCs?
Desktop machines aren't so susceptible to theft as laptops so encryption is not as much of an issue. The choice to install full disk encryption depends on several factors including the chance of a break in, the value of the data being stored on the machines and how well the network has been configured.

Unlike laptops, which require a local cache of data so that files can be worked on remotely, desktop machine are often configured such that data is actually accessed direct from the server. In these cases there is little of value actually stored on the PC itself and encryption is probably not necessary.

A well configured network will mitigate most security risks from the potential theft of desktop PCs so unless you are in an industry with very specific security needs (military, medical, legal etc) full disk encryption is probably an overkill.

Saying that some companies do chose to install whole disk encryption as part of a general security package such as PGP desktop. Packages such as these include software to protect e-mails, USB disk and the PCs drives so they represent value for money even if whole disk encryption is not a necessity on its own.

@ Sign E-mail & Messaging

Many people do not realise that e-mail is far from a secure technology. When an e-mail is sent it travels between the sender and receiver in plain text via any number of different stops. An individual e-mail may pass between tens or hundreds of routers to get to its end destination and each of these could potentially read or copy the contents of the e-mail.

Most companies don't need to worry about e-mail security; due in part to safety in numbers. A backbone router will pass millions of e-mails each day and unless there is a good reason for a hacker to do so it simply wouldn't be worth their while to isolate an individual companies mail.

Where this is not the case is where the data is of particularly high value or where there are specific data protection regulations. This might be the case for banks, medical institutions, governments and security firms for instance. In these cases e-mail encryption software is a necessity to protect data in transit and there are a number of packages that will handle e-mail encryption automatically.
Pendisk Removable Media

We talked a little bit about USB flash disk security in last months newsletter but it's worth reiterating the points. USB disks are great for moving data between computers but they are very easy to lose and are easily stolen. Storing confidential company data on a USB disk without using encryption is a disaster waiting to happen and will almost certainly put you in jeopardy of breaching your data protection obligations.

Protecting USB disks and other removable media is very easy and there are numerous software packages to help protect your data. At the cheaper end there are encrypted vault packages (available from as little as £30 per user) which create encrypted stores on USB disks that can only be opened by using a password. These protect data stored in the vault but can be rather clunky to operate and can't be enforced (i.e. users can still chose to save files outside the vault).

At the other end of the spectrum we have products such as SafeEnd (featured in last months newsletter) which provide fully automated, centrally controlled encryption of all USB disks used in a company. These are great for organisations that need to enforce security policies globally and in most cases the encryption is totally transparent to the end user.

Whatever software you chose to use the message is very clear. If you have data on a USB disk and it's of a confidential nature you need to ensure it's encrypted.
Featured Product

PGP Logo

PGP Corporation is a global leader in email and data encryption software for Enterprise Data Protection.  They produce a range of encryption packages to secure everything from USB disk to laptop hard drives:

  • E-mail Encryption
  • USB Drives
  • Full Disk Encryption
  • Mobile Encryption
  • Laptop Encryption
    • PDF Encryption

    Geek-Guru have experience with the entire range of PGP products and can advise on the best software for your specific business needs.
    Please call us if you'd like to discuss this or any other product.

    www.geek-guru.co.uk
    0845 2340580

    This e-mail is freely distributable. If you know someone who you think might like to read this please feel free to forward it on or drop us an e-mail and we'll add them to the database.

    Equally we don't want to offend so if you'd rather not receive the most up to date and inspirational IT ideas in future please click here to unsubscribe.