“If we did all the things we are capable of, we would literally astound ourselves.” ~ Thomas Edison, Inventor
April was filled with lots of questions about PCI compliance. For the uninitiated, PCI DSS is the acronym for Payment Card Industry Data Security Standard. It came about as a result of numerous data breaches at entities like Equifax, Target and Facebook to name a few. When sensitive data is leaked, credit card companies are not happy. Customers are not happy. Criminals are happy. Or at least I presume them to be. I haven’t actually asked them. Maybe I should launch one of those Monkey Surveys and find out. Anyway, the point is:
Any business or person that accepts credit card payments is now required to show due diligence toward protecting customer credit card information. Even if you don’t accept credit cards, you are expected to protect personal data of employees, students, vendors, clients… Personal data includes things like address, phone numbers, social security numbers, account numbers, mother’s maiden name… You get the drift.
So the question becomes: how do you protect this information?
One way to protect it is to encrypt it. I’ve talked about encrypting before, but only in the negative. Before, I’ve mentioned ransomware that invades your system, scrambles your data, and leaves you high and dry. But encryption can also be used in your favor.
What is Encryption?
Encryption is the process of encoding data in such a way that only authorized parties can access it. It requires the use of an encryption key (think fancy password). If you don’t have the encryption key, you can’t read the data.
3 Simple Questions to determine if you should Encrypt the data:
- If this data was on a piece of paper, would you shred it?
- If this data was leaked, lost or stolen, would your business or its reputation be negatively affected?
- If this data was leaked, lost or stolen, would your customers, clients, vendors be negatively affected?
If you answered YES to any of the above, then you should encrypt!
How do you Encrypt?
I went searching for tools that will encrypt data. First up is Windows 10 and its built-in BitLocker. I would like to say it was a huge success. I experimented with it on three machines and all 3 machines baulked. In order to make it work, I had to create a self-signed certificate and edit group policy. That’s a lot of work for something that is supposed to work out of the box. So I went looking for third-party apps.
The app I settled on is AxCrypt, available at https://www.axcrypt.net. It has a free version and a paid premium version. It has several small tutorial videos to teach you how to install and use it. And it works. Out of the box. With ease.
If you need to protect sensitive data, I recommend you check out AxCrypt. If you need additional assistance securing your network and data, please give us a call.
Keeping Your Data Safe!