Cyber Insurance and Encryption

Posted by un1teee On April 7, 2022

Introduction

Encryption is the method of taking information and encoding it in a way that makes it appear like nonsense to someone who doesn’t have permission to view that information. Decryption is the reverse: taking encoded information and returning it to its original form.

An integral part of cybersecurity, encryption is something that cyber insurance companies love to see at their clients’ businesses.

A Bqqmf a Day Keeps the Doctor Away

How does encryption work?

Take a piece of information, such as the word apple.

Using a simple encryption algorithm, we can ‘scramble’ the word so that it turns into: bqqmf. All we did was change each letter to the one that comes next in the alphabet.

Granted, this is a very crude example of encryption, and the algorithms that businesses use to encrypt their sensitive data are much more sophisticated. But this example illustrates the essence of encryption: taking information and turning it into apparent nonsense using an algorithm, which is just a set of rules or instructions for how to change the information.

Does Your SMB Need Encryption?

This one’s easy — yes, your SMB definitely needs to use encryption as part of its cybersecurity program. Most likely, your organization already uses encryption for some functions, like email and password storage.

But there are levels of encryption. How much encryption does your business use? And what sorts of encryption algorithms are protecting your data? Outdated ones that experienced hackers can easily get around, or the latest and strongest algorithms that are virtually impossible to figure out without an encryption key?

And what about data in transit vs. data at rest? While it’s true that data in transit — data that’s being sent from one location to another — is more vulnerable than data that’s just sitting there on a storage device, it’s not as if data at rest is totally safe. Using encryption on both types of data will give your organization a stronger, more complete security posture, as well as impress cyber insurance carriers.

Bottom line: When your encryption methods are sophisticated and comprehensive, it’s much harder for hackers to make use of any information they manage to steal from your organization. This not only helps keep your business safe, but also, it can get your company better deals on cyber insurance. Cyber insurance carriers will want to know what level of encryption is in place at your business before giving you coverage and setting your premium.

Encryption and Compliance

In part 2 of this Super Simple Guide, we discussed compliance — how it helps protect your business from cyberattacks and keeps the costs of cyber coverage low. What we didn’t talk about was how important encryption is to compliance.

It’s very important! The most common compliance regulations either require or strongly recommend the use of encryption for certain business functions. Here’s a list of some regulations that expressly include encryption as part of their guidelines:

HIPAA
GDPR
CCPA
PCI
SOX

Bottom line: Get serious about encrypting your company’s data, or find yourself not only vulnerable to cyberattacks, but in breach of compliance.

3 Tips for Implementing Encryption at Your SMB

Tip #1: Work with a trusted IT provider

Encryption isn’t too complicated as a concept, but figuring out exactly what to encrypt and how to encrypt it takes time, energy, and IT expertise. Working closely with a trusted IT provider such as a managed service provider (MSP) can make the process much easier.

Tip #2: Integrate encryption strategies with other security practices

Encrypting your data is only one piece of a sound data protection strategy. Make sure your encryption is embedded in a larger framework of security tools and practices, such as a robust firewall, secure servers on which to store encryption keys, and regular cybersecurity training for staff. That last one is particularly important, as 85% of breaches are caused by human error (Verizon).

Tip #3: Check the cloud!

If you work with a cloud provider, you’ll want to make sure they are on the same page when it comes to your encryption strategy. If your cloud provider isn’t observing strict security policies, your encryption keys could fall into the wrong hands and render your encryption efforts meaningless.

*DOWNLOAD OUR FREE CYBER INSURANCE CHECKLIST NOW*