Encryption 101: Protecting Your Investment Firm's Sensitive Material
The amount of data and information that passes through the Internet every day is, for lack of a better term, enormous. And truth be told, sometimes we are sharing information that we don’t want to get into the wrong hands, whether it be via email, instant message or other communications. Think: credit card information, personal information (name, address, social security number, etc.), bank account information or sensitive company or financial data.
A secure way to transmit this information is through encryption. According to TechTarget, encryption is “the conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties.”
The history of encryption, believe it or not, began long before the Internet existed and we started sending electronic data. The ancient Greeks and Romans, in fact, sent secret messages by substituting letters so that only someone with the secret key code could decipher them. Julius Caesar created a cipher in which he shifted letters to the left or right to hide his messages.
Modern encryption, thankfully, has developed into something much more sophisticated. The most widely accepted standard for encryption these days is the Advanced Encryption Standard (AES), which was established by the National Institute of Standards and Technology (NIST) in 2001. AES is considered asymmetric public key infrastructure (PKI) encryption – one of two typical encryption methods used today:
PKI encryption uses two linked cryptographic keys: “The public key is used to encrypt plaintext or to verify a digital signature; whereas the private key is used to decrypt ciphertext or to create a digital signature.”
Symmetric key encryption uses cryptographic keys that are the same, meaning both parties must have the same key to successfully share their encrypted message.
What should you encrypt?
Storing Data (Hard Drives/Files)
Depending on the type of information you’re storing, you may want to consider an encryption solution for the data files you store. If your firm collects and stores investor or client financial or personal information, for example, encryption may be necessary. Internet Protocol Security (IPSec) or SSL-based encryption are two examples of encryption methods for protecting outbound-Internet and in-network communications.
Sending Data (Email)
Whether across an internal firm network or within a cloud solution, encryption is essentially a required function when emailing important information, particularly for firms in the financial services industry that handle sensitive material. When used in conjunction with other email security features (e.g., anti-virus, anti-spam, etc.), email encryption offers users comprehensive, multi-layered security protections when sending delicate information. Tip: be sure that your firm’s encryption solution is compliant with any required regulatory legislation such as SOX, GLBA, PIPEDA or the European Union Data Directive.
Traveling with Data (Laptops, Mobile Devices)
In some cases, firms may opt to encrypt laptops and/or mobile devices to ensure that when users are traveling, confidential company information doesn’t get into the wrong hands. While some devices feature inherent encryption technology (e.g. iOS 4.0+ and Android 4.0+), other devices will need to be protected via external software applications.
Eze Email Security solution
Eze Email Security is a comprehensive email security solution that allows firms to protect intellectual property, reduce downtime associated with email threats and enhance client trust. With Eze Email Security, every outbound email message is scanned by compliance and content filters before being sent to the recipient. Any message that matches defined compliance policies is encrypted. To learn more about Eze Email Security, please contact us.
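The policy-then-encrypt decision described above can be sketched as follows. This is an added example, not Eze Email Security's implementation; the two policies (payment-card numbers and US social security numbers), the function names and the sample messages are assumptions constructed for illustration.

```python
import re

# Assumed policies for this example: payment-card numbers and US SSNs.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def policy_hits(subject: str, body: str) -> list[str]:
    """Return the names of the policies an outbound message matches."""
    text = f"{subject}\n{body}"
    hits = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.add("payment-card")
    if SSN_RE.search(text):
        hits.add("us-ssn")
    return sorted(hits)


def outbound_action(subject: str, body: str) -> str:
    """Encrypt when any policy matches; otherwise send as normal."""
    return "encrypt" if policy_hits(subject, body) else "send"


# Constructed sample messages (not real data).
SAMPLES = [
    ("Wire details", "Card 4111 1111 1111 1111 exp 12/27"),
    ("Order ref", "Reference 1234 5678 9012 3456 shipped"),
    ("KYC", "Investor SSN 123-45-6789 on file"),
    ("Lunch", "See you at noon"),
]

if __name__ == "__main__":
    for subject, body in SAMPLES:
        print(subject, "->", outbound_action(subject, body), policy_hits(subject, body))
```

The second sample is a 16-digit reference that fails the Luhn check, so it is sent normally rather than encrypted as a false positive.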
Photo Credit: Open Clipart