On August 18, 2017, the FTC released its fourth “Stick with Security” principle, which explained the importance of keeping confidential data only when needed, and securely storing the data when it must be kept. To that end, an essential security tool is data encryption. Encryption is the process of transforming information so that only a person or device with the key can read it. The FTC offers the following three suggestions to keep data secure both when it is stored on a network (“data at rest”) and when it is being sent from one computer to another (“data in transit”):
Keep Sensitive Information Secure Throughout Its Lifecycle
Companies should maintain a “big picture” awareness of how sensitive data enters their systems, moves through them, and exits. For example, companies often need to gather information about customers to tailor their user experience. If a person’s age is relevant, ask a customer to pick an age range instead of requiring a specific number or date of birth.
Additionally, it is critical to store decryption keys separately from the data the keys are used to unlock.
Use Industry-Tested and Accepted Methods
Companies strive to be unique, but when it comes to data security, proven, industry-tested methods are the preferred practice. Relying on your Uncle Ivan’s home-made data protection ideas may not be the safest bet.
Ensure Proper Configuration
Even when companies maintain strong encryption, such encryption must be configured correctly. Disabling default validation settings or other connectors that process secure data can negate the benefits of encryption.
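To illustrate the configuration point for data in transit, the following added example (not from the FTC guidance or the original post) uses Python's standard ssl module to compare a default TLS client configuration with one whose validation settings were switched off. The function names are hypothetical and chosen for illustration.

```python
import ssl


def audit_tls_context(ctx):
    """Return findings for validation settings that have been turned off."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    return findings


def default_context():
    # Library defaults: certificate and hostname validation are both enabled.
    return ssl.create_default_context()


def weakened_context():
    # The misconfiguration: traffic is still encrypted, but the client no
    # longer knows who it is encrypting to.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared first, or the next line raises ValueError
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def require_validated(ctx):
    """Gate for application code: refuse any context with validation disabled."""
    findings = audit_tls_context(ctx)
    if findings:
        raise ValueError("refusing TLS context: " + "; ".join(findings))
    return ctx


if __name__ == "__main__":
    for name, make in (("default", default_context), ("weakened", weakened_context)):
        print(name, "->", audit_tls_context(make()) or "validation enabled")
```

A check like this fits in a unit test or startup routine, so that a validation setting disabled during debugging does not reach production unnoticed.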