What’s the Deal with Encrypting Mobile Devices?
I’m sure you have heard or read many headlines about the importance of encrypting your mobile devices, but does it really pertain to you? Maybe you think you’ll never lose your phone, or that your password will never be cracked. Think about this: the Ponemon Institute conducted a study on data breaches caused by mobile devices and found that 67% of enterprises have already experienced a mobile data breach. Combine that percentage with the new surge of sophisticated attacks like auto-rooting and spyware and you have yourself a recipe for disaster.
Data breaches are a top threat when dealing with lost or stolen smartphones and other mobile devices. A study done by McAfee found that, across a sample of 439 organizations, 142,708 employee smartphones went missing in one year. “60% of smartphones are believed to contain sensitive and confidential information, 57% were not protected with available security features.” The study also found that the industries reporting the highest rate of smartphone loss were health and pharmaceuticals, education and research, and public sector organizations, all industries that deal with highly sensitive information regularly.
When it comes to mobile devices for business purposes, encryption is a must. HIPAA and PCI-DSS are among the compliance standards that many organizations must adhere to. Any lost or stolen device used for business purposes may hold Personally Identifiable Information (PII), protected health information, or other confidential information, putting the business at risk of breaches, non-adherence to compliance standards, and ultimately major fines or loss of business.
What is Encryption?
Encryption converts your device’s data into ciphertext, which leaves the data seemingly scrambled and unreadable. This makes the data very difficult to read for anyone who does not hold the key, so an “off switch” is needed to make your data readable again. This “off switch” is the key that goes with the cipher: a bit sequence, which on a phone is typically unlocked by something like a PIN.
Word of caution: make sure this PIN is documented within a secure company file in case the PIN is ever forgotten or if the employee no longer works for the company, ensuring that the data will still be accessible.
Different Types of Encryption
Encryption comes as either a software-based or a hardware-based solution. Hardware encryption is physically built into the mobile device and automatically scrambles everything, whereas software encryption is an individual program or application that is downloaded to your mobile device and scrambles only the data that a given application decides to protect. Software encryption can also apply different ciphers and keys to different pieces of data, whereas hardware encryption can only apply the same cipher and key to everything.
Which Should You Use?
If your mobile device lacks hardware encryption, then you will want to use software; however, if you have the ability to use hardware, I recommend that you use it. Software requires going through a separate vendor, and that can be risky when confidential customer information is involved. You will also probably have to pay for the software, whereas hardware encryption already comes standard on your device.
The ultimate way to protect your data from prying eyes is to use a combination of hardware and software: hardware, because it works at the physical level and encrypts the entirety of your data, and software, for the extra features and as a backup if the hardware fails.