6 myths about data encryption

March 14, 2018

Lorne Lavine, DMD

Article

Encryption may seem like a scary process, but can you really afford to have unsecured data?

Data breaches are in the headlines almost every day, yet only a small percentage of cyber attacks target the big organizations like Sony, Anthem or the U.S. government. If you’re a small- or mid-sized business (SMB), like a dental practice, your data is under attack too.

More than 700 million records were compromised in 2014, and 53 percent of confirmed data loss incidents are in organizations of less than 1,000 users, according to a report by Verizon. No business or institution anywhere in the world is immune to data theft, regardless of geography, size or industry.

So much of IT security is focused on protecting physical things - servers, desktops and laptops, mobile devices - but dental offices should think more about how to protect the valuable data on those computers. With the proliferation of data and the need to access data from anywhere at any time, encryption is rapidly emerging as the best place to start your security strategy.

Despite the cold, hard facts of data breaches and accidental data loss, practices are slow to adopt encryption. Why? In part, it’s because encryption has long been shrouded in myths.

Myth: Only businesses that have compliance requirements where encryption is mandated by law need to use encryption.

Truth: For any type of organization, data has value and needs to be protected. That may be customer information (names, emails, credit card information), internal finance or competitive information, employee information, intellectual property and more. Simply put, data is currency - it has value and should be protected as such. Companies should always encrypt sensitive data, whether legally obligated or not. Of course, HIPAA requires encryption, so it’s sort of a moot point!

Myth: Encryption is too complicated and requires too many resources.

Truth: Data encryption can be very simple to implement and manage. The key is to understand the types of data you need to encrypt, where it lives and who should have access to it. Plus, if you choose full-disk encryption, it becomes even easier for everyone to secure their data on a daily basis.

Myth: Encryption will kill database and application performance.

Truth: Performance of applications, databases, servers and networks is a top priority of IT and end users. When designed and implemented properly, encryption can not only protect the critical data running through those systems, but its presence can have minimal impact on performance that’s imperceptible to users.

Myth: Encryption doesn’t make data stored in the cloud more secure.

Truth: Storing encrypted data in the cloud is more secure than storing non-encrypted data in the cloud. Do you know where cloud data is stored? Who truly has access to it? The answers to these questions underscore the reason that all data that’s sent to the cloud should be encrypted, with the encryption keys controlled by you.

Myth: Encrypting data is more important than key management.

Truth: Encryption without careful key management is pointless. Too many organizations fail to manage their encryption keys, either storing them on the same server as the encrypted data or allowing a cloud provider to manage them. You wouldn’t want to lock your car and leave the keys in the door.

Myth: If your data is encrypted, it can’t be stolen.

Truth: Encryption doesn’t stop data loss or theft, but it does keep data safe by making it unreadable and unusable. Choose an encryption solution that provides proof that your data was indeed encrypted.

Dental offices should consider encryption of any and all devices that contain patient data - it’s your only “Get-Out-Of-Jail-Free card” if you ever suffer a breach.