0

Respecting data privacy rights through data encryption

Respecting data privacy rights through data encryption

Data rights are human rights.

Whilst that principle is embedded within and encouraged by data regulations, including GDPR, DPA, CCPA and HIPAA, it is counteractively provoked by technologies, such as live facial recognition surveillance, that carry the looming risk of abuse and weaponization. Data privacy is often the price for services, whether it be police protection, app use or be given targeted, more relevant advertisements. This dichotomy has been the source of much debate, scrutiny and concern.

Data privacy must be a top priority for all organisations and should be considered from the outset of data sharing initiatives. Of course, avoiding hefty fines, job losses or suffering brand damage are all significant impetuses to protecting data. However, respect for consumers’ data privacy rights will drive organisations to go the extra mile to ensure data confidentiality.

This begs the question; how can data privacy be achieved? Whether or not data privacy, on a wider and global scale, can ever be truly achieved would perhaps be a more appropriate question. However, small measures taken to keep sensitive information protected and confidential can have a positive ripple effect. Individual organisations can take the lead in respecting their customers’ data privacy by encrypting data in transit and at rest.

How can you encrypt data in the cloud?

Encrypting data is a requirement of most compliance standards. Yet, a study in 2020 found that an alarming 43% of cloud databases are not encrypted. Organisations are under constant attack and, regardless of whether the attack makes headlines or not, the data should be protected. To ensure data privacy when faced with common threats, such as DDoS and malware attacks, data must be encrypted before it is sent to the cloud, in transit and at rest.

For ultra-secure encryption, that data should preferably be encrypted with a FIPS certified randomly generated AES 256-bit encrypted encryption key. Confidential information stored on a local computer or drive, sent via email or file sharing services (such as WeTransfer) and shared in the cloud should be securely encrypted.

The more people the data is shared with, the greater the challenge to ensure data privacy. Storing data in one place and accessed by authorised users only, who have a copy of the encrypted encryption key at hand, can allow for efficient working whilst ensuring data security. Sharing encrypted data securely allows for instant collaboration in the cloud, saving time in what would be days of posting encrypted USB flash drives to and from colleagues.

Controlling the encryption key

If the data is stored in the cloud, control of the encryption key is important. Granted, most cloud service providers (CSPs) will encrypt their customers’ data and some even offer a key management system service, which allows customers to manage their encryption keys. However, the encryption key is stored in the cloud and thus accessible to hackers and cloud staff – much like leaving your house key under the doormat that half the neighbourhood knows about.

The user needs full and secure control of the encryption key in order to ensure the data is kept confidential even if the cloud account is hacked. Having your own key management system will not only give you more control of encryption keys but is also more convenient for those using a multi-cloud solution.

Security measures must go beyond the cloud login credentials. If a hacker obtains the user’s credentials, the breach will go unnoticed to the CSP as they won’t be able to decipher between a legitimate user from an attacker. By keeping the encryption key, which should be encrypted itself within an ultra-secure Common Criteria EAL5+ (Hardware Certified) ready secure microprocessor along with a PIN authenticated code, away from the cloud increases the number of security measures from just one authentication, the cloud account login, to as much as a five-factor authentication.

Back up encrypted data using USB flash and hard-disk drives

Backing up valuable data onto an encrypted hard-disk drive can save organisations the trouble of losing access to important information during a ransomware attack. Using a PIN protected hard disk drive will secure the data even if the drive is lost or stolen, avoiding the risk of their data being accessed or viewed by unauthorised persons.

To avoid losing sensitive information in the event of a ransomware attack, sharing information using PIN protected USB flash drives is another safe option. This can be especially useful for remote workers as they can securely protect and back up their confidential data whilst on the go.

Encrypting data within a unique and dedicated hardware based Common Criteria EAL5+ (Hardware Certified) ready secure microprocessor is the ideal solution. The ultra-secure microprocessor employs built-in physical protection mechanisms, designed to thwart cyber-attacks, such as side-channel attacks designed to defend against external tampering, bypass laser attacks and fault injections.

All critical components within the drive should be covered by a layer of super tough epoxy resin, which is virtually impossible to remove without causing permanent damage to the critical components. If breached, the drive’s tamper evident design will provide visible evidence that tampering has occurred. Brute force limitation is an excellent feature to look for in a drive. If the PIN is entered incorrectly 10 consecutive times, the PIN will be deleted and the drive can only be accessed by entering the Admin PIN to reset the User PIN. If the Admin PIN is entered incorrectly 10 consecutive times, the encrypted encryption key is deleted along with all data previously stored in the drive.

Conclusion

To keep sensitive information confidential, data stored locally on a computer, on a drive or in the cloud, or shared via email or file sharing service, must be encrypted. Data encryption is an important stride towards data privacy, helping organisations comply with regulations like GDPR. As fears of a looming Big Brother dystopian future grow and as data breaches hit headlines on a regular basis, organisations can stand out as data privacy pioneers and earn their customers’ trust.

datAshur helps Kettering Borough Council meet GDPR regulations.

iStorage helps Kettering Borough Council meet GDPR regulations

Kettering Borough Council

Case Study: Kettering Borough Council

Ensuring GDPR compliance with datAshur flash drives from iStorage

To effectively provide services to local businesses and residents, Kettering Borough Council need to collect sensitive and confidential personal data. Collecting such data can place local authorities in a vulnerable position, as GDPR regulations must be met to ensure personal data is securely stored and protected in case of a cyber-attack or employee error resulting in data loss.

Protecting sensitive data

Kettering Borough Council operate within the County of Northamptonshire region and are dedicated in offering residential support for over 100,000 constituents. The services that Kettering Borough Council offer residents include leisure services, business rates, housing, and planning.

datAshur

GDPR solution

Kettering Borough Council turned to iStorage to find an ideal solution which would enable the council to effectively store their constituents’ personal data securely, enabling them to fulfil their promise to protect the needs of their constituents as well as meeting vital GDPR regulation laws.

After considering two possible vendors for the purchase of encrypted flash-drives, Kettering Borough Council concluded that iStorage would be the vendor of choice. When prompted on how the council came to this conclusion, IT Analyst Phil stated:

“When considering which option would be best for our needs, we found that iStorage seemed to have the best product in the market for what we wanted to achieve.”

datAshur USB flash drives

Kettering Borough Council therefore chose iStorage and have purchased datAshur flash drives to issue out to their team. They are currently pleased with their results, stating:

“The drives have been easy for the team to learn and use and have met expectations on being a secure solution.”

Trusted Data Storage Solutions With Advanced Security Features

iStorage full product range

iStorage is the trusted global leader of award-winning PIN authenticated, hardware encrypted data storage and cloud encryption devices. We deliver the most innovative products to securely store and protect data to military specified encryption levels, safeguarding valuable business information whilst ensuring compliance to regulations and directives.

Visit our website or get in touch for more information:

www.istorage-uk.com

info@istorage-uk.com

+44 (0)20 8991 6260

Hybrid Working: 5 Tips to Protect your Data.

5 Tips for protecting your data when hybrid working

As the last year has unfolded, the working dynamic has distinctly shifted to a new landscape. With Accenture reporting that 83% of 9,326 workers surveyed saying they prefer a hybrid model; hybrid working is set to become the newfound way of living for millions of employees across the country.

Despite hybrid working creating various opportunities and benefits for employees and employers alike, the hybrid working model raises questions on the vulnerability of data security. Constantly carrying sensitive data between home and the office could place companies at risk due to continuous issues such as unsecure personal networks or human error.

Today we wanted to provide our top 5 tips on improving security hygiene whilst hybrid working to minimise risk of data protection.

1.

Keep a safe back up of sensitive information.

All-important files should be regularly and securely backed up. Backing up valuable data onto a PIN-authenticated, encrypted USB flash drive or HDD/SSD can save businesses the trouble of losing access to important information during a ransomware attack. It is worth noting the importance of all staff, especially those working remotely, having a secure Wi-Fi connection, and checking all security software is up to date to avoid such an attack from occurring in the first place.

Using an encrypted drive for backing up data is essential. For ultimate protection, the selected drive should preferably have an on-device crypto-chip offering the ultimate standard of encryption, known as AES-XTS 256-bit hardware encryption. As a result, if the encrypted device, such as a USB flash drive or hard disk drive, is lost or stolen, it will not result in a data breach for the exposure of client or company data.

The encrypted USB flash drive or HDD/SSD should additionally include an extra added layer of security such as a Common Criteria EAL 5+ (Hardware Certified), which employs built-in physical protection mechanisms, designed to thwart an array of cyber-attacks, such as side-channel attacks.

2.

Transport files securely.

Securely carry work home with you using a PIN protected, encrypted USB flash drive or HDD/SSD. In the worst-case scenario of the drive getting lost or stolen when employees transport files or work out of the office, an encrypted drive as described above will allow organisations to avoid the risk of their data being accessed or viewed.

Moreover, if the drives are only accessible by entering a unique 7-15-digit PIN, it will prevent unauthorised access to the data stored on the drive. Another feature worth considering is brute force limitation. If the PIN is entered incorrectly a designated number of times, all data previously stored in the drive is deleted and the drive is reset.

When power to the USB port is turned off, or if the drive is unplugged from the host device or after a predetermined period of inactivity, the drive should automatically lock to prevent unauthorised access. Using a drive that can also be configured as a read only (write protect) will ensure the data is not illegally modified.

3.

Encrypt data stored in the cloud.

The cloud is often the preferred option for hybrid working. However, cloud security is a common major concern, meaning most businesses will hesitate to store any highly confidential information in the cloud. Is there a way around this issue?

To ensure data privacy when faced with common threats, such as DDoS and malware attacks, data must be encrypted in transit and at rest. Data encryption renders stored and transmitted data unreadable and unusable in the event of theft or inadvertent data leakage.

Encryption cannot be dependent on the cloud service provider (CSP). With serverside encryption, the encryption key is stored in the cloud and thus accessible to hackers and cloud staff. It is therefore best for organisations to individually encrypt data stored in the public cloud. The user needs full and secure control of the encryption key in order to ensure the data is kept confidential even if the cloud account is hacked. Having your own key management system will not only give you more control of encryption keys but it’s also more convenient for those using a multi-cloud solution.

An ideal solution to control the encryption key is to quite literally remove it from the cloud and physically store the encrypted encryption key within a PIN authenticated USB module. The module will not store any data. Rather, it will act as a key to encrypt data and access any data in the cloud. It can thus be used to securely encrypt confidential information stored on a local computer or network drive, sent via email or sent using a file sharing service.

4.

Ensure authorised access to data.

Using specific software, such as iStorage KeyWriter, all critical security parameters between the primary encryption module and as many secondary encryption modules as required can be copied, including the randomly generated encryption key and all PINs. Only those with a copy of the encryption key will be able to decrypt the shared data. This allows for secure and instant collaboration in the cloud between authorised users, regardless of location.

Businesses need a clear procedure that all staff follow to uphold adherence to data protection regulations, even more so with the rise of remote workers. Multifactor authentication is a highly recommended best practice for data protection compliance. If a hacker obtains the cloud user’s credentials, the breach will go unnoticed to the CSP as it won’t be able to decipher between a legitimate user from an attacker. On the other hand, the encryption module increases security measures to an unprecedented five-factor authentication, as the encryption key is kept away from the cloud.

5.

Manage access to data remotely

Handing authorised staff an encryption module will contribute to reducing the risk of data loss due to human error. Still, this does not entirely eliminate the possibility of such an occurrence. For example, an individual may lose the encryption module or be dismissed and keep the device. This is where central management is needed.

Those responsible for cloud and data security in the organisation should be able to monitor file activity, set geo-fencing and time fencing restrictions, encrypt file names and disable users’ access to the data remotely. This will go a long way in eliminating security risks in the cloud and help managers have full visibility and administration of sensitive data and user access

These measures will contribute to maintaining business continuity, upholding compliance to data protection regulations and eliminating any complexity of remote working.

At iStorage, we can assist organisations with remote workers to: (1) safely transport and back up data using our datAshur or diskAshur range, and (2) securely share and manage data in the cloud using our cloudAshur solution.

Encryption: An introductory guide on why it matters

An introduction to encryption

Encryption is often a subject that we see thrown around within the media, but for a lot of us it still may not be a term that we fully understand. Whilst it can be a complicated issue, with the right information and tools we can all implement a basic level of encryption within our lives in order to protect ourselves online. We’re here to provide and simplify the information you need to make these essential changes.

What is encryption?

Encryption is a form of scrambling data to ensure a piece of information can only be deciphered by the owner of that data. In technical terms, it is the process of translating and un-translating text from original readable text into incomprehensible text also known as cipher text. This cipher text makes any data unreadable to the human eye, therefore rendering the data as useless to unauthorised readers.

Why is encryption important?

Digital data is becoming increasingly pivotal to our personal lives, our economic prosperity and our general security. Just as we would lock up the doors into our homes each night to protect ourselves from unauthorised access, we must continue this way of living through to our online lives. Implementing digital security can support the way we communicate, to the way we bank, socialise and shop. At the heart of this digital security lies encryption, which equals privacy, GDPR compliance for businesses and most of all, peace of mind.

How does encryption work?

Encryption is essentially a piece of encoding data that encodes a file or message by scrambling text. This text can then be translated back into its original form when the correct recipient accesses the data, a term known as decryption. In order to translate this data, the recipient will have a unique encryption key. This key can be a password, sequence of numbers or another alternative sequence of numbers or letters.

Are encryption and cryptography the same thing?

It may be difficult to understand exactly what the difference is between encryption and cryptography, as essentially their roles are similar. Both roles can however be distinguished based from their purpose. Cryptography is the art of disguising your writing, a strategy which has been famously used for centuries originating from the Ancient Greeks and Spartans. Encryption however is a form of cryptography which specifically converts plain text data into cyphertext. Whilst encryption is a form of cryptography, they are not inherently the same.

Can encryption be hacked?

Whilst it isn’t as straightforward as it sounds, encryption can in fact be hacked. However, to hack this would take an excessive amount of time, resources, and technical knowledge. A hacker would fundamentally hack encryption either by intercepting data before encryption or after decryption, or they would use the method of stealing your unique encryption key. Often, data storage companies will have a sole purpose of ensuring their product is as hard to hack as possible. For example, cannot be accessed unless a hacker were to have a physical iStorage drive, and the PIN Number acting as the key. The hacker will have a total of 10 attempts to guess the 7-15 length unique PIN before the drive gets wiped and all data is lost forever. The hacker will also be unable to access the core of the drive due to the super tough epoxy resin which covers all components within the device, which would essentially cause permanent damage to the drive if tampered with.

Are all levels of encryption the same?

When investing in encryption, it may be worth understanding what the standard level across the globe is. Not all encryptions are the same, with each standard offering various levels of protection.

The current standard within most government or IT departments within all industries is known as the ‘Advanced Encryption System’ (known as AES). This system originated as being the encryption standard for the US government in 2001 before slowly being integrated internationally as the overall standard level of encryption. Within AES, there are three levels of encryption: 128, 192 and 256 bits. AES 256-bit is commercially the most robust and strongest form that is available today. All iStorage devices are encrypted using AES-XTS 256-bit hardware encryption, ensuring your data receives the ultimate line of defense.

 

Overall, using this newfound knowledge on encryption, we highly recommend that you make a plan to move your digital life onto encrypted storage, create a back up and then you can be sure that your private life and confidential data stay just that way – private and confidential.