Device encryption increased over the past year, according to a third of organisations
May 2021 by Apricorn
Apricorn announced findings of its annual survey exploring the implementation of encryption technology within organisations. The survey highlighted that a third (32%) of organisations have seen an increase in encryption across all mobile and removable devices in the past year. Additionally, 31 per cent noted that their organisation now requires all data to be encrypted as standard, whether it’s at rest or in transit, and 24 per cent require the encryption of all data when it’s being stored on their systems or in the cloud. Further to this, 27 per cent of surveyed IT decision makers stated their organisation has increased the implementation of encryption in other ways - up from zero in the Apricorn 2020 survey. This rise is likely due to organisations having had to operate in new working environments with increased remote working and the need to implement new systems and controls as a consequence.
Jon Fielding, Managing Director EMEA, Apricorn, commented: “The pandemic upended business operations, with vast numbers thrown into remote working. Data traffic is no longer simply moving from the confines of the corporate network, but from numerous devices and from a multitude of locations. Encryption is increasingly recognised as a key component for data security and cyber resilience, especially at the highest levels. Examples include the use of encryption being one of very few technologies recommended within GDPR and Joe Biden’s recent Executive order, stipulating the need to adopt encryption for data at rest and in transit. If ever there were a time to increase and execute the use of encryption, this is it!”
Regardless of the increase in the use of encryption, when asked to select up to three main causes of a data breach within their organisation, 30 per cent of those surveyed report lack of encryption (12%) and lost/misplaced devices containing sensitive corporate information (18%) as main causes. This could be due to the absence of control over corporate data.
When reporting up to three of the biggest challenges associated with implementing a cyber security plan for remote/mobile working, 39 per cent of those surveyed admitted they cannot be certain that their data is adequately secured, 18 per cent said they don’t have a good understanding of which of their data sets need to be encrypted and 15 per cent have no control over where company data goes and where it is stored.
That said, 77 per cent confirmed their organisation had a policy in place that requires encryption of all data held on removable media. Of those, 33 per cent only allow the use of hardware encrypted organisation-approved removable media; 18 per cent only allow the use of organisation-approved removable media, which aren’t hardware encrypted, but software encrypt everything written to them; 16 per cent allow use of all removable media devices, including employees’ own USB sticks, but software encrypt everything written to them; and 10 per cent have an alternative policy that requires encryption of all data held on removable media.
However, 20 per cent of IT decision makers either tell their employees they are not permitted to use removable media (7%), or physically block all removable media (13%).
“Whilst businesses should only allow corporately approved, hardware encrypted devices to those with a business justification, not allowing, or physically blocking removable media can impede productivity and put data at risk. By deploying the right solutions at the endpoint, it not only allows employees to use their own hardware safely, but gives them autonomy, assisting operational agility and defending against the risk of cyberattack”, points out Fielding.
Positively, 88 per cent state their organisation has an information security strategy/policy that covers employees’ use of their own IT equipment for mobile/remote working, 22 per cent of which allow only corporate IT provisioned devices and have security measures in place to enforce this with endpoint control.
The increase in encryption usage looks set to continue. When questioned on which devices their organisation currently encrypts, and on which it plans to expand encryption, surveyed IT decision makers noted that their organisation already encrypts some devices, and plans to expand its encryption usage on USB sticks (19%), laptops (16%), desktops (12%), mobiles (22%) and portable hard drives (18%).
“Remote working has become the ‘new normal’ and it’s crucial that businesses now address any quick fix security solutions they had put in place and ensure the security of corporate data. The rise in endpoint control, and the plans for increased encryption are hugely positive, but this needs to be embedded in remote working policies if businesses are to avoid the potential for a data breach and failure to comply with existing regulations”, Fielding added.