Data Encryption - how to look after your customers data.

You may have wondered about this. Why should you do it? Is it difficult? Are there any disadvantages?  This article explains how you can encrypt your data and why some of you should encrypt your data to protect your business.
If you run a business you will need to share data between computers. You may need to access data remotely. You may need to take data to customers offices. You may already have an offsite storage policy. How are all these things affected by choosing to encrypt your data? Here I will explain a method of how you can achieve all these things relatively simply.
But first let us think about why you should do it. For some businesses it is a no-brainer. If you operate in the Financial services sphere you must adhere to the FCA regulations. These detail your responsibilities for looking after your clients’ financial information. For other businesses losing a client list or confidential information is simply harmful to your business. When unencrypted information is taken away on USB sticks and external drives they are easy to lose or have stolen. All businesses must comply with data protection legislation

Windows Bitlocker

Disk Drive Encryption: Most office computers use a Microsoft operating system. The Professional versions include Bitlocker so you need to upgrade to a ‘Pro’ version if you are using ‘Home’. Once you have access to Bitlocker you need to turn it on for each disk drive inside your computer. You also need to turn it on for every external USB disk drive you plug into the computer. On my system I first tested it on a 1TB external drive attached to a USB 2 port. You are asked to create a password that will be asked for every time the disk is attached. You will also need a Microsoft Account to set this up. This is so that you will have a method of recovering the drive should you ever forget the password! The 1TB disk drive I first tested took around 10 hours to encrypt – so give yourself plenty of time to complete this.
When the process has completed convince yourself it works by removing the drive and reattaching it. You should be asked for the password; only then will you be able to see the files and folders on it.
When you are ready you need to also encrypt your main computer drive – usually the C: drive. You do this in exactly the same way. Interestingly here you can continue to use your computer whilst the process is going on. You may as well keep the Bitlocker encrypting window open so you can see how well it is getting on. After a lengthy period of time the process will finish. The next time you reboot the computer you will need to enter your Bitlocker password as soon as the computer powers on – so be absolutely certain you know what it is! You can use the same password for all your disks if you wish.

There are a few minor disadvantages of encrypting your disks:

• Typing in the Bitlocker password is an extra step when you are starting up the computer
• You will also have to type the Bitlocker password the first time you use any additional disks mounted inside the computer after rebooting.
• You will need to enter the Bitlocker password whenever you attach any external encrypted drives to any computer
• There is an increase in the time taken to read and store data to the encrypted disks. To be honest though it is unlikely you will notice this.

However, these disadvantages are outweighed by the advantages which are:

• Your personal data or your clients data cannot be accessed on your computers without your consent
• If you lose an external drive or have one stolen you know that the data cannot be read and your business is safe
• If you lose an external drive or have one stolen you know that the data cannot be read and you can reassure your customers that their business is safe too!
• Businesses that must be compliant with the FCA are more likely to be approved

Make a Plan

To implement encryption across your computers you will need a strategy. This will ensure that all your data is assessible to you at all times whiles the encryption is underway. In addition, you will need to think about how your NAS system handles files and how any cloud storage you use handles files.
For a typical system as follows you may follow the guidelines shown below:

• Computer 1
• Computer 2
• USB External drive(s)
• NAS (Network Additional Storage)
• Cloud storage facility
• Both computers and the NAS drive are on the network with Internet access

Step 1.
Firstly, make sure that whatever your backup policy is, that it is up to date and all backups successfully taken. You may for piece of mind make an un-encrypted back-up and put it in a safe somewhere until the whole process is finished!

Step 2.
Encrypt the external drive(s). This is done to learn how to use the facility and to ensure that data that is more likely taken off site is encrypted first.
Test the encryption works by reading and writing to the drive and using the disk drives on other computers. You should be prompted for the password.

Step 3.
Encrypt the first computer. After encryption reboot the PC and make sure that you can still access everything as normal. When you are certain that the PC is working perfectly only then encrypt the data on the second computer.

Step 4.
Encrypt the second computer. You may wish to do this sometime after Step 3 if you want more time to give yourself confidence that all is well!

Step 5.
Encrypt your NAS Drive(s). Here you will have different choices dependent upon the drive manufacturer. NAS drives are computers and they are not Windows so they will not understand Bitlocker. However, when Bitlocker encrypted files are copied to non-bitlocker encrypted media they are automatically decrypted. This makes it easy to use but means that you can inadvertently de-crypt files if your target drive does not support encryption. Some NAS drives have their own encryption which you can turn on in the administration menu. You must do this as the default is usually set to “OFF”.

Step 6.
Only store encrypted files in your Cloud storage. Once again, the choices here will be different depending on who provides the storage. Often companies subscribe to a service that is encrypted and you must make sure yours is. In addition, many provide software to automatically upload critical data on a schedule of your choosing.

... and Finally ...
if you have followed the above guidance then you should be at a point were:

• All your data is encrypted
• You have adequate onsite and offsite encrypted backups
• You have managed critical data backups in the cloud.

This puts you in the position of having a resilient security policy that protects your own and your customers data. This protection is not just from prying eyes or data thieves but also is a good first step to implementing a disaster recovery plan. You will be able to advise your clients that no matter what computer problems you face you will always be able to continue your data processing for them in a reasonable amount of time. Importantly for yourself - your customer contacts, historical documents, order payments etc will never be permanently lost.
To set up a resilient data governance plan is not a particularly easy task, however once it is done it just works and gives you piece of mind with minimal attention. If you would like my help in putting together a strategy for your company then please get in touch with me here.  Contact Computers-in-Kent.
 

"Tony Bentham is a fully qualified and experienced Data Systems Analyst and Information Technology Lecturer"