Why Full Disk Encryption Isn’t Enough


Do you think your data is safe because it is encrypted? Here is why Full Disk Encryption isn’t enough for security or HIPAA compliance.

Many of our clients tell us that they believe their data is secure because they have “full disk encryption” -- typically the BitLocker that comes with Windows 10 -- enabled on their computers. But it’s very important for you to know what full disk encryption is, what threats it can protect you from, and what threats it is defenseless against. Not knowing the difference can cost you many thousands of dollars...and maybe your entire business, too. In almost all cases, full disk encryption (FDE) isn’t enough, and here’s why…

Why Encrypt Data At All?

The idea behind encrypting your data is to prevent people, devices and software from accessing your data without authorization.

  • Individuals should encrypt data on their personal computers and phones to help prevent identity theft. You want to protect your banking information, private information, and identity (such as SSNs, account numbers, etc.), as well as anything else you don’t want other people to know.
  • Businesses should encrypt their data because they don’t want malicious employees, hackers or malware stealing business secrets, client data, payment information, or any other Personally Identifiable Information (PII). Allowing a breach of this information could result in having to disclose the breach to your state’s Office of Civil Rights, the Secretary of State, all of your clients whose data was potentially breached, and the public at large. The costs could be huge and damaging to your business, its bank account, and its reputation.
  • Businesses that are subject to HIPAA regulation share all of the above concerns and consequences, as well as far steeper fines and consequences if any Personal Health Information (PHI) is revealed. HIPAA regulations are strict and far-reaching and carry huge fines and potential jail time for those responsible for allowing the breach. FINRA regulations are similarly strict and also carry huge fines and penalties.

What Full Disk Encryption is Good For

FDE prevents unauthorized access to your entire hard drive all at once. Thousands of computers -- especially laptops -- are lost or stolen every week. Without full disk encryption, whoever finds (or has stolen) your computer can access the data on your drive. Your login password will likely prevent (or hamper) the user from logging into your computer and using it, but the data on the disk is open to anyone if they just remove the drive and install it on another computer.

In other words, in just a few minutes, they can be scrolling through your credit card statements, address book, business plans, personal correspondence...and even the Excel sheet where you keep your passwords (even though you shouldn’t).

Full Disk Encryption is good because if someone steals your laptop and doesn’t have a login to your computer, they can’t see anything on the drive. All your data is secure...in this situation.

Why Full Disk Encryption Isn’t Enough

There are many other ways your data can be stolen that FDE does not protect you from. FDE does not prevent viruses from attacking your files. Once you are logged into your computer, your files are visible not only to you but also to the software on your computer. Viruses are software, and can access the data on your encrypted hard drive.

Even if you’ve got antivirus protection on your computer, you are still vulnerable. If another computer on your network is infected by a virus or attacked by a hacker, and that computer has access to the files on your computer (which is common in some businesses), the software or hacker may be able to view your files. The problems are even worse if the files on the server are breached.

Cloud Service Breaches

Chances are that you use cloud services such as Dropbox, Google Drive or Microsoft OneDrive. Those services move data from your computer’s drive into their cloud, where they also encrypt it. However, since you are logged into your computer, all of your files are visible and are decrypted when accessed. So it’s your unencrypted files that are being sent up to the cloud, not encrypted files.

And if someone else (hacker, co-worker, nosy friend) has your cloud storage account credentials, or if the cloud service itself is hacked, all of your files stored there are also likely easily readable by the bad guys.

External Storage Breaches

Similarly, if you use a thumb drive or other portable storage, the data you move to those devices is also decrypted when it is copied...unless of course the external storage device is also encrypted with FDE. But when that happens, the external drive has the same low level of protection that your main hard drive has.

In short, FDE doesn’t protect you from viruses or hackers or any kind of digital breach. It only protects you from the consequences of physical loss.
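The gap described above can be seen on a Windows machine with the following audit, an added example that is not part of the original article. It assumes an elevated PowerShell session with the built-in BitLocker and Storage modules (`Get-BitLockerVolume`, `Get-Volume`), and it lists each volume and whether it is locked, unprotected, or encrypted but unlocked and therefore readable by any software in the logged-in session.

```powershell
#Requires -RunAsAdministrator
# Added example: show which volumes BitLocker protects only "at rest".
# An encrypted volume that is Unlocked is transparently decrypted for every
# process in the logged-in session (malware, cloud sync clients, file shares).

$report = foreach ($vol in Get-BitLockerVolume) {
    # Get-Volume supplies the drive type (Fixed / Removable) for lettered volumes.
    $letter = $vol.MountPoint.TrimEnd([char[]]':\')
    $drive  = if ($letter.Length -eq 1) {
        Get-Volume -DriveLetter $letter -ErrorAction SilentlyContinue
    }

    $finding = if ($vol.LockStatus -eq 'Locked') {
        # Locked volumes are the only state in which FDE is actually blocking reads.
        'Encrypted and locked: contents unreadable until unlocked'
    }
    elseif ($vol.ProtectionStatus -ne 'On') {
        if ($drive.DriveType -eq 'Removable') {
            'Removable media without BitLocker: files copied here are stored in plaintext'
        }
        else {
            'Not protected: data is readable if the drive is moved to another computer'
        }
    }
    else {
        'Encrypted but unlocked: covers loss or theft only, not software running in this session'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        DriveType  = $drive.DriveType
        Status     = $vol.VolumeStatus
        Protection = $vol.ProtectionStatus
        Lock       = $vol.LockStatus
        Finding    = $finding
    }
}

$report | Format-Table -AutoSize -Wrap
```

On a typical laptop in use, the system drive reports "Encrypted but unlocked", which is the state in which file-level, cloud and removable-media encryption are still needed.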

So What Kind of Encryption Do You Need?

In order for your data to be fully protected in the case of a system breach, you need several levels of protection.

  • File & Folder Level Protection - Your individual files can be encrypted on a file or folder level so that the files cannot be accessed without the security keys.
  • Cloud Encryption, which protects your data as it’s uploaded or downloaded from the cloud service, as well as while it is stored in the cloud.
  • Removable Media Encryption, which automatically encrypts all files you store on external storage devices.

The downside of any kind of encryption, however, is that if you lose your encryption keys, your data is not retrievable, even by you. So if you use conventional File, Cloud & Media encryption, be sure to store your password somewhere safe.

How Digital Uppercut Can Help You and Your Business

At Digital Uppercut, we have a new service, specially designed for Small to Medium sized Businesses like yours. Our service offers all three levels of protection with an additional feature that allows you to restore your master keys in the event they are lost.

It’s a service that is usually only offered to larger businesses. But we can now offer it to companies like yours at affordable pricing. To find out more about how Digital Uppercut can help secure your company’s data and help you avoid the consequences of a data breach -- and even avoid the breach entirely -- contact us today or call us at 818-913-1335. Don’t wait until it’s too late. Get protected now.