About half of respondents to a new vendor survey say they have been reported to the Information Commissioner’s Office (ICO) in the UK since the general data protection regulation (GDPR) came into force in May 2018.
This might seem surprising, given that the same annual survey also found that around nine in ten organisations also admitted a policy of encrypting data on portable media such as USB drives.
Covid-19 has meant, meanwhile, that delivery and postal services are busier than ever as more organisations are using a distributed network of workers based in remote offices or at home. This surely makes encryption more important than ever.
“In addition, widespread airline cancellations can also pose a significant operational impact on the scheduled distribution of mail,” notes secure storage specialist iStorage in an press statement.
“When sharing sensitive information, some may opt for secure postal delivery. More likely though, in the digital age, if someone wants to share a highly confidential document, they will probably either email it, use a file sharing service or share it in the cloud.”
Organisations – and individuals – increasingly need to share information quickly without compromising data protection. Data breaches can result in heavy fines.
“Studies reveal that cloud misconfigurations exposed over 33 billion records in two years. If it’s not hacks or technical issues, the other common cause of data leakage is human error. According to a study by IBM, 24 per cent of data breaches are caused by human error,” says iStorage.
Posting an encrypted USB might be a secure alternative to the post – unless physical delivery is delayed of course.
But there are a range of solutions. Products like iStorage’s patented cloudAshur give users a solution for encrypting, sharing and managing data in a cloud-based way.
CloudAshur can also encrypt data stored on a local network or drive, or email attachments, or data shared via file sharing services. And it’s best not to leave encryption in the hands of the cloud service provider – best practice is for the user to have full control of the encryption key, in case of a breach.
CloudAshur, for instance, physically stores the encrypted encryption key within a PIN-authenticated, AES-XTS 256-bit hardware encrypted USB module. Each authorised user can be given a clone of the encryption module.
iStorage also offers a range of encrypted SSDs, HDDs and flash drives, which can be monitored using a remote management console. “Those responsible for cloud and data security in the organisation can manage and monitor cloudAshur devices centrally.
The iStorage diskAshur2 encrypted hard drive was in March named the most secure in Popular Mechanics‘ list of the best external hard drives.
The vendor has government certifications covering its diskAshur PRO2 and DT2 HDDs and SSDs – including FIPS 140-2 Level 2/3, NCSC CPA, NLNCSA BSPA and NATO Restricted level. In addition, a premium flash drive, the datAShur PRO, has been certified to FIPS 140-2 Level 3, NLNSCA DEP-In and NATO Restricted level.