Flouting the Law
Have you read the Data Protection Act 1998 recently? You know if you carry out business in the UK you really should. Did you know that not to fall foul of the Data Protection Act you should amongst other things be aware of the following?:
· Encrypt any personal information held electronically that would cause damage or distress if it were lost or stolen.
· Consider whether the content of emails should be encrypted or password protected.
· If you send a sensitive email from a secure server to an insecure recipient, security will be threatened. You may need to check that the recipient’s arrangements are secure enough before sending your message.
If you currently do none of these things then you are flouting the law and are acting rather cavalier with the data you hold. Continuing to do business in this way could lead to you becoming the next newspaper headline. Apart from the direct financial implications this could have, consider the in-direct cost and loss of reputation.
As a responsible business you will need to deploy some encryption software. In fact it’s far stronger than that! If you want to be legal you will need to deploy some encryption software. Now before you throw your hands up in the air and shout “but what about the expense and do you know how complicated that would be”, think again. Modern email and file encryption software has come a long way in the past three or four years. The act of becoming legal in this regard should result in virtually no change to your existing processes.
First Things First
Before you rush out and grab the first product that offers you low cost easy encryption, take stock of the complete landscape. Do you need to protect data at rest, on mobile devices as well as when contained in an email? The chances are that you do. This will narrow the field considerably. One prime contender will be Egress Switch. I have had first hand experience of this product and found that it ticked all of my boxes.
Things To Look For
When selecting your solution there are a number of major ticks you want in the box;
· Independent certification of the something like FIPS or CAPS approval
· Simple one or two click operation
· Integration with existing architecture, spam, virus and content filters
· Allows free use by non subscribed recipient
· Ability to access secure data anywhere on iPhone, iPad, Blackberry and Android.
· Ability to encrypt files on hard drives, thumb drives and CD-ROMs
· Ability to set enterprise wide policy regarding what is to be encrypted when leaving the network
· Audit trail of what has been sent and received
When you have found the right product for you and successfully deployed it you will have that warm comfortably numb sensation of being legal at last. Doing nothing about complying with the Data Protection Act is not an option. Securing your data should be a no brainer!