Personal data is highly valuable — not just for the businesses, organizations and agencies that maintain it, but also for the hackers who go to extremes to gain access to it. Once a system vulnerability is exploited and the information extracted, hackers can command a substantial price per record on the black market where the stolen data can be used for fraud, identity theft or other nefarious activities.
However, how useful personally identifiable information is to an attacker depends on whether it can be read. If the records are indecipherable due to data encryption, they have little value for illicit activities. This is why data encryption is absolutely essential.
Alongside a complete breach response plan, encryption helps to limit the damage done by an attack. The recent incident at LastPass, the cloud-based password management platform, serves as a demonstration. Although hackers accessed LastPass’s sensitive information, including master passwords, security question responses and email addresses, the salting and hashing methods applied to the records make it more difficult to use the data for any criminal activity.
In contrast, the recent data breach at the Office of Personnel Management (OPM) – where an estimated 18 million records were compromised – was successful because the data wasn’t encrypted. In addition to personal details, the compromised data included security clearance information and background investigations that could be extremely damaging to individuals’ privacy, as well as our national security. The lack of encryption on these files has created disastrous fallout for the OPM, which is facing a class action lawsuit for mishandling information and failing to put data safeguards in place.
Whether your organization already employs data protection methods or is still trying to implement a plan, there are ways to improve your data encryption. For instance, managed security services can help organizations understand whether their information is encrypted, and how vulnerable the network is to data loss. With this guidance, companies can undertake data encryption efforts affordably and effectively, and avoid a fate similar to OPM’s.