We are constantly warned about how important it is to protect our data and prevent hackers from accessing it. However, nowadays we are also told to encrypt so much that it might make you question whether you need to encrypt absolutely everything that you store, send and receive on your computer.
Do you really need full disk encryption, covering even data such as MP3s, in case an attacker gains access to your computer or device? Well, the answer is no, but this guide should help you to decide what needs encrypting and what does not.
In reality, there are only two types of data that actually need to be protected: Personally Identifiable Information (PII) and confidential business information or intellectual property. Outside of these categories, it is really up to you whether you wish to encrypt the information. But what is classed as PII or intellectual property…?
What is Personally Identifiable Information?
In short, Personally Identifiable Information is information through which your personal identity could be discovered and/or put at risk, should it fall into the wrong hands.
- Names. In all of their forms: your full name, your maiden name, your mother’s maiden name and even any nicknames.
- Numbers. This covers everything, from your National Insurance number, to your passport and driving license numbers and, it almost goes without saying, your credit card number.
- Personal Information. This includes information you might not even deem as private, such as your date and place of birth, your religion and education or employment information. It also includes more obviously private things, such as financial and medical information and your address.
What does this mean I should encrypt?
- Bank statements, credit card statements and other financial data.
- Medical records, such as prescription information, appointment details, receipts and private insurance information.
- Any information you have relating to your work, job or performance at work.
- Any information with relation to your education, such as grades or university dissertations and theses.
What about confidential business information/intellectual property?
If your business stores customer or client information, that should be your priority in terms of data encryption. You may find, depending on your business type, that you are already subject to specific rules with regard to customer information.
You will also want to encrypt any files that contain confidential information about new products or business ideas. This includes any research that might have been carried out. Why would you want someone else to exploit your hard work?
When someone steals a laptop or computer from a business, it can be the information on the device that is more valuable to them than the device itself.
Is there an easy way to determine what should be encrypted?
Yes, there are two simple questions that you can ask about data to determine whether or not you need to encrypt it.
1. If you had the information in hard copy, would you shred it before throwing it away?
2. If someone else obtained this information, would they have the potential to have detrimental effects on your personal safety, your business or your clients?
If the answer to either of these questions is yes, you should encrypt the file!
Disposing of sensitive data
Your responsibility for sensitive data doesn’t end when you dispose of a device. You should always ensure that any devices that contain, or may have contained, sensitive material are disposed of in a secure manner.
Contact us on 0845 600 4696 if you are looking at any IT Asset Disposal and need advice.
[Photo Credit: Tony Webster]