Cybersecurity Tip #4: Establish Encryption Requirements
#CybersecurityTip: Set encryption requirements to help ensure your sensitive data is protected against hackers. Encryption is a process by which data is translated into an unintelligible code, often referred to as ciphertext. Ciphertext helps protect your data by requiring a key to translate it back into legible plaintext.
A key is, in essence, a decoder that allows only a select individual or group to read the encrypted information. The longer the keys, the harder they are to hack, which means they offer better protection for your sensitive information. Encryption requirements can dictate what length of key should be used to encrypt different data, who should have access to said key, and what measures to take to ensure your encryption methods are as effective as possible.
One of the most common encryption standards is AES, or Advanced Encryption Standard. AES turns plaintext into ciphertext and is utilized by the United States government. When AES is utilized in software, it is combined with a number, which refers to the length of the key that is used for the encryption. A strong standard is AES 256, which would take an extremely long time to break by brute force.
MSPs and encryption
When implemented consistently and effectively across a network, encryption can help reduce risk and liability for an organization. Although most of the information that travels across the internet is encrypted by default, there are still some key precautions managed services providers (MSPs) can take to help ensure maximum cybersecurity.
Despite the fact that most software will automatically encrypt information, some software allows users to switch off encryption entirely. Therefore, one simple way MSPs can help their customers is by making sure encryption is activated on all their customers’ software. The levels or types of encryption can also be altered with some software based on the needs of the business or the type of data being transferred.
MSPs can also help protect sensitive data by double-checking the ways that cloud providers are encrypting data on behalf of their customers. It is also worth checking the strength of encryption in customer passwords, including looking into how passwords are stored. Ideally, MSPs should not have access to all the encryption points for sensitive customer information.
There are also a variety of additional safety measures that MSPs can take to strengthen encryption for their customers. One measure is known as “salt and peppering,” which inserts an additional data input to a password prior to encryption. A salt refers to a randomly generated value stored in the database, while a pepper refers to a secret value stored separately from the database. Peppers help ensure that even in the event of a database being compromised, passwords would still not be vulnerable to hacking via brute force methods. Both salt and pepper inputs make it more difficult to crack passwords by adding cryptographically strong values to create unique hashes.
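The salt-and-pepper scheme described above can be sketched as follows. This is an added example, not code from the original article: the function names, the use of HMAC-SHA256 to apply the pepper, and PBKDF2-HMAC-SHA256 as the password hash are assumptions chosen for illustration, since the article does not name an algorithm.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 600_000  # work factor (assumed value); tune upward as hardware allows


def _derive(password: str, salt: bytes, pepper: bytes) -> bytes:
    # Pepper: keyed HMAC with a secret that never enters the database.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    # Salt: makes identical passwords produce different stored hashes.
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, PBKDF2_ROUNDS)


def hash_password(password: str, pepper: bytes) -> dict:
    """Return the record to store in the database: salt and hash only."""
    salt = secrets.token_bytes(16)  # random per password, stored beside the hash
    return {"salt": salt.hex(), "hash": _derive(password, salt, pepper).hex()}


def verify_password(password: str, record: dict, pepper: bytes) -> bool:
    expected = bytes.fromhex(record["hash"])
    actual = _derive(password, bytes.fromhex(record["salt"]), pepper)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def demo() -> dict:
    # Constructed sample values. In production the pepper is loaded from a
    # secrets manager or HSM, never from the password database.
    pepper = secrets.token_bytes(32)
    password = "correct horse battery staple"
    alice = hash_password(password, pepper)
    bob = hash_password(password, pepper)
    return {
        # Same password, two users: the salts differ, so the hashes differ.
        "same_password_different_hash": alice["hash"] != bob["hash"],
        "correct_password": verify_password(password, alice, pepper),
        "wrong_password": verify_password("Tr0ub4dor&3", alice, pepper),
        # A database record checked without the real pepper: even the
        # correct password cannot be confirmed.
        "db_record_without_pepper": verify_password(
            password, alice, secrets.token_bytes(32)
        ),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The last check is the point of the pepper: a copy of the database alone is not enough to test password guesses.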
The importance of employee security training
One important, often overlooked part of encryption is the human element. If an individual loses their key or fails to encrypt sensitive data, the organization’s security and encryption efforts can easily be compromised. For this reason, employee security training should be a key part of your customers’ encryption policies.
Data security is critical to the ability of any organization to function. MSPs can provide significant value to their customers by making sure all their data is being encrypted—and their most sensitive information is protected by the strongest possible methods of encryption. By highlighting the importance of encryption and password security, MSPs can help keep their customers cybersecure.