Jul 292011

If you have read my 5 Step Data Security Plan for Small Businesses article in addition to many of my blog posts, you will see where I advise that encryption is one of the best and cheapest data security measures a small business can take to protect their data.

So let’s talk about the main areas where it makes sense to use encrytion.

  1. Files
  2. Computers and Servers
  3. Email

Files – There are several options for encrypting files. 

  1. If you need to do a quick file encryption, most programs today offer the ability to encypt files created within the program.  Microsoft Office 2007 and above for example allows you to do fairly easy AES 128-bit encryption.  Note:  Microsoft 2003 also offers encryption, but there are some weaknesses in the encryption so I would avoid it.  In Office 2007 just click on the Microsoft Office button in the top left corner, select Prepare, and then enter in a password.  In Office 2010 click the File tab, select Info, select Protect Document, select Encrypt with Password, and enter a password.  If someone is using an older verion of Office, they can still open your file by either installing the Microsoft Office Compatibility Pack or running an MS operating system that supports AES encryption.  Other programs like Adobe also allow you to encrypt files. 
  2. An easier way to encrypt any and all files, that is not software platform dependant, is to download and use an encryption software like TrueCrypt or DiskCryptor.  Note:  TrueCrypt can be used with Windows 7/Vista/XP, Mac OS X, and Linux operating systems. DiskCryptor works with Microsoft operating systems only.

Computers and Servers – For computers or servers, you can use TrueCrypt to encrypt the entire hard drive or disk drive.  It is a fairly simple process, and TrueCrypt provides you with step-by-step instructions.  You should especially consider encrypting any servers or computers where you store critical data and mobile laptops. 

Email – There are several options for encrypting emails. 

  1. If you just need to encrypt a file before sending it, then follow the steps I covered above in the File encryption section. 
  2. If you would like to encrypt the entire email, you can use a third party software like MessageLock, or you can use a third party service like Sendinc.  Sendinc provides the most “hassle free” way to encrypt an email, but keep in mind you are using their third party cloud service.

Any of the options I mentioned above will provide you with solid encryption protection.  The last thing to remember is even though you are using encryption, you still want to use a strong password, and keep the password in a safe place.

Jun 062011

I am linking to two cloud computing articles released today.  Both articles discuss security related issues involved with using cloud data storage services.  I have several blog posts linking to cloud storage articles since many small businesses are either already using the cloud service or considering using a cloud storage or computing service.  There are many pros to using a cloud service such as reduced costs, but security continues to be a huge con.  My advice stays the same.  If you are using a cloud storage service, and you are storing sensitive data, make sure you encrypt the files and folders before uploading them.   Two free encryption alternatives are DiskCryptor and TrueCrypt.

Article 1 – Security Manager’s Journal: Giving cloud storage the ax: No SaaS storage vendors have implemented adequate safeguards that will keep corporate data safe.

Article 2 – Cloud Insecurities: 43 Percent of Enterprises Surveyed Have had Security Issues With Their Cloud Service Providers

Apr 182011

Here is a good article discussing the top 12 IT mistakes most small businesses make.  I have discussed many of these same data security and backup issues in blog posts and articles.

I will also add the following: As I always recommend, if you are using a cloud service or offsite data storage service for your backups, and you are storing sensitive information, make sure you add further protections such as encryption (discussed in my link above). Also do not discount freeware. I discuss two excellent free software options in my data security article linked above – free encryption software and free network scanning software.

Article snippet, and the full article link is below.

“Small business expert Steve Strauss recently posted his Top 12 IT Mistakes Most Small Companies Make on Symantec’s web site.

Once upon a time, small business people did not have to worry about being computer experts or IT savvy – it was just about business. Today, that scenario is merely fairytale. Anyone who owns, runs or works in small business must be as smart about IT as they are about business, says Symantec.

The following tips will help small businesses avoid common IT security and data protection missteps that can put the lifeblood…”

via Top 12 IT Mistakes Most Small Companies Make. Are You Making These?

Apr 012011

The link to the article below discusses recent lost or stolen laptops that were not encrypted.  I have written about the need for encryption many times and not just laptops.  As easy as it is to lose a laptop, it is also not hard for thieves to break into your office and steal desktops, servers, etc containing sensitive information.  In fact this type of theft is becoming more prevalent because there is very little in the way of protection for these devices, and it is an easy way to access client personal data such as bank account info.  

Encryption is one of the cheapest and best ways to protect your small business.  Take a look at my 5 Step Data Security Plan for Small Businesses for tips on encryption as well as other steps you can take to protect your small business

Article snippet and full article link below. 

“The continuing failure by most enterprises to encrypt sensitive data stored on laptops and other mobile devices is inexcusable, analysts said following BP’s disclosure this week of a data compromise involving a lost laptop.

The computer contained unencrypted personal data such as names, Social Security numbers and dates of birth belonging to about 13,000 individuals who had submitted claims with the company over last year’s disastrous oil spill.

According to BP, an employee lost the laptop while on routine business travel.

The company is only the latest in a long list of organizations that have made similar announcements over the past several years. In fact, data compromises involving lost or stolen laptops, unencrypted storage disks, and other mobile devices account for a substantial…”

via Failure to encrypt portable devices inexcusable, say analysts – Computerworld.

Mar 302011

Here is an article discussing how small businesses should consider encryption options if you are using a cloud storage service. I have posted about the need for encryption if you plan to use a cloud service for storing senstitive data.

Article snippet and full article link below.

“Recent Microsoft research shows that almost two-fifths of companies will start paying for cloud services within three years. Cloud-using firms need to revisit their encryption needs.

According to Phil Lieberman, President and CEO of Lieberman Software, whilst the economic imperative of migrating data to a cloud resource is clear to see, organizations also need to revisit their data encryption resources before making the leap.

“Microsoft’s research notes that 39 per cent of SMBs expect to be paying …”

via The need for data encryption in the cloud – Help Net Security.