Small Business Guide to Encryption

February 3, 2022

Your business's private data is reachable over the public internet. The average cost to cover a security breach is $3.86 million according to a 2018 study conducted by IBM. Large businesses and corporations have security and IT teams, which are tasked with keeping the data of the business secure. What about small businesses or start-ups that also have critical data and security needs but can't afford an entire department to look after their security?

What’s all the hype? 

There is a lot of hype about encryption these days, but what exactly is encryption? Simply put, encryption uses algorithms to protect the data you send, receive, or store by scrambling the plain text so that it can only be read with a digital key or cipher. One of the earliest known encryptions was the Caesar cipher, which scrambled Julius Caesar’s wartime messages by shifting each letter the same number of places up or down in the alphabet. This type of cipher can easily be deciphered by trying each possible shift of the alphabet, but the different encryption algorithms that exist today, with endless possible scrambles, would take a supercomputer one billion-billion years to break.
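The Caesar cipher and the "try every shift" attack described above, as an added example that is not part of the original article. The function names, the sample message and the small word list are constructed for illustration; the word-scoring step that picks the readable result automatically goes slightly beyond what the text describes.

```python
import string

# Constructed word list, used only to recognise readable English output.
COMMON_WORDS = {"THE", "AT", "AND", "DAWN", "OF", "TO", "IS"}

# Constructed sample message.
MESSAGE = "Meet at the bridge at dawn"


def caesar_shift(text: str, shift: int) -> str:
    """Shift every letter by `shift` places, wrapping around the alphabet."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # spaces, digits and punctuation are left as-is
    return "".join(out)


def brute_force(ciphertext: str) -> list[tuple[int, str]]:
    """Undo every possible shift. The whole key space is only 25 keys."""
    return [(s, caesar_shift(ciphertext, -s)) for s in range(1, 26)]


def best_guess(ciphertext: str) -> tuple[int, str]:
    """Return the (shift, plaintext) pair containing the most common words."""
    def score(candidate: tuple[int, str]) -> int:
        return sum(w in COMMON_WORDS for w in candidate[1].upper().split())
    return max(brute_force(ciphertext), key=score)


if __name__ == "__main__":
    secret = caesar_shift(MESSAGE, 3)
    print("ciphertext:", secret)
    shift, plain = best_guess(secret)
    print(f"recovered with shift {shift}: {plain}")
    # A modern 128-bit key has 2**128 possibilities instead of 25,
    # which is why the same trial-and-error approach stops working.
    print("keys to try for a 128-bit cipher:", 2**128)
```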

Small business encryption checks: 

This is by no means a comprehensive encryption strategy for your small business, but it will provide a launching pad to find the right tools and resources to build a lasting security strategy to protect the future of your growing business.

Check legal requirements: What laws or regulations does your company need to comply with for data storage and collection? HIPAA, GDPR, GLBA, and CCPA (now the CPRA) all have encryption compliance requirements, which might apply to your business. For example, under Section 1798.150(a)(1) of CCPA “non-encrypted or non-redacted public information” that is breached could result in a class action lawsuit with fines anywhere from $100-$750 per consumer incident. Be sure to check state and industry requirements for the kind of data you are collecting or storing. Fifteen states require encryption if social security numbers are being collected. Hiring a data-security consulting specialist could be a good idea to make sure you are protecting your company and customers.

Encrypt your hardware: Make sure your hard drive, external drives and thumb drives are all encrypted with either built-in encryption or a third-party service. 

Encrypt online data: Make sure your online platforms, cloud storage, and communications (video conferencing, email, and team chats) are happening on encrypted platforms. If not, be sure to add a layer of encryption or switch to an online service that provides encryption.

Classify data: Know what data your business is collecting on customers, as well as employees, and classify it based on how sensitive the data is and how secure your encryption measures are. Any websites that your business uses to store employee or customer data need to stay up to date on the latest encryption practices.

Protect encryption keys: Have a plan to guard your encryption keys and control access. It goes without saying that all this encrypting will be worthless if the keys fall into the hands of cybercriminals. 

Potential threats: Have a plan in place to detect potential threats. Companies like Stealthbits can report suspicious activity on your website before a breach happens. 

Don’t cut back on security. We know it is expensive and can seem unnecessary at times, especially if you need to make budget cuts. You won’t realize how important security is until it is too late. 

It is never too early to start thinking about how to protect your business’s data with encryption. It can be overwhelming with all the options out there for encryption, but do your research and the time and effort will pay off.