The 20’s Super Simple Guide to Cyber Insurance
Part 3 – Cyber Insurance and Encryption
Encryption is the method of taking information and encoding it so that it looks like nonsense to someone without permission to access it. Decryption is the reverse: taking encoded information and returning it to its original form.
An integral part of cybersecurity, encryption is something that cyber insurance companies love to see at their clients’ businesses.
How Does Encryption Work?
Take a piece of information, such as the word apple. Using a simple encryption algorithm, we can ‘scramble’ the word so that it turns into: bqqmf. All we did was change each letter to the one that comes next in the alphabet.
Although crude – typical algorithms are much more sophisticated – this example illustrates the essence of encryption: taking information and turning it into apparent nonsense according to a set of rules or instructions for how to change the information. Check out our full blog on encryption if you’re interested in learning more.
Do You Need Encryption?
Most likely, your organization already uses encryption for some functions, like email and password storage. But there are levels of encryption.
How much encryption does your business use? And what sorts of encryption algorithms are protecting your data? Are you using outdated algorithms that can be easily bypassed by experienced hackers, or are you using the latest and strongest algorithms that are virtually impossible to figure out without an encryption key?
And what about data in transit vs. data at rest? Data in transit – data that’s being sent from one location to another – is generally more vulnerable than data at rest, which is data stored on a device, due to its higher risk of interception by attackers. However, this doesn’t mean that data at rest is totally safe. Using encryption on both types of data will give your organization a stronger, more complete security posture, as well as impress cyber insurance carriers.
Bottom line: When your encryption methods are sophisticated and comprehensive, it’s much harder for hackers to make use of any information they manage to steal from your organization. This not only helps keep your business safe, but can also lead to better deals on cyber insurance. Cyber insurance carriers will want to know the level of encryption you have in place before giving you coverage and setting your premium.
Encryption and Compliance
In part 2 of this Super Simple Guide, we discussed compliance – how it helps protect your business from cyberattacks and keeps the costs of cyber coverage low. What we didn’t talk about was how important encryption is to compliance.
It’s very important! The most common compliance regulations either require or strongly recommend the use of encryption for certain business functions. Here’s a list of some regulations that expressly include encryption as part of their guidelines:
- HIPAA
- GDPR
- CCPA
- PCI
- SOX
Bottom line: Get serious about encrypting your company’s data, or find yourself not only vulnerable to cyberattacks, but in breach of compliance.
3 Tips for Implementing Encryption at Your SMB
Tip #1: Work with a trusted IT provider.
Encryption isn’t too complicated as a concept, but figuring out exactly what to encrypt and how to encrypt it takes time, energy, and IT expertise. Working closely with a trusted IT provider such as a managed service provider (MSP) can make the process much easier.
Tip #2: Integrate encryption strategies with other security practices.
Encrypting your data is only one piece of a sound data protection strategy. Make sure your encryption is embedded in a larger framework of security tools and practices, such as a robust firewall, secure servers on which to store encryption keys, and regular cybersecurity training for staff. That last one is particularly important, as nearly 70% of breaches are caused by human error.
Tip #3: Check the cloud!
If you work with a cloud provider, you’ll want to make sure they are on the same page when it comes to your encryption strategy. If your cloud provider isn’t observing strict security policies, your encryption keys could fall into the wrong hands and render your encryption efforts meaningless.
What’s Next?
Next in our cyber insurance journey, we’ll be covering Cyber Insurance and Scope of Data – or the kinds of data that your insurance policy may cover during a cyber incident. Keep an eye on our main blog page for when it goes live!