Primer on Data Encryption Part One: (Categorizing the Data)
Data encryption is no longer a luxury add-on for law firms; it’s a requirement. Yet without an effective plan in place, encryption will be incomplete and vulnerable to risk. Encryption methods and practices will vary based on the location of your data, but we will highlight three location categories for your data:
Know your data:
Data at Rest – Data at rest generally refers to data stored in persistent storage (disk, tape), while data in use generally refers to data being processed by a computer central processing unit (CPU) or held in random access memory (RAM, also referred to as main memory or simply memory).
Tools for Encrypting Your Data at Rest
Device-based Encryption – many systems come pre-installed with encryption capabilities. Use them. For example, if you’re making Time Machine backups, you have an option to encrypt that entire drive. Mac computers and iOS devices also come with built-in encryption. It’s foolish not to use them.
Software – if your device doesn’t provide sufficient encryption, or if you want to encrypt information in remote storage or cloud-based storage, you can invest in encryption software. Some highly-rated options include:
Data in Transit – this is data being sent from one person or location to another. Data in transit falls into two categories: information that flows over a public or untrusted network such as the internet, and data that flows within the confines of a private network such as a corporate or enterprise Local Area Network (LAN).
Your data is most vulnerable when it is “in transit.” Whenever you’re sending confidential data from one place or person to another, it needs to be encrypted from the moment you send it to the moment they receive it. This type of security is called “end-to-end encryption.”
Data in Use – this is data that’s being actively accessed. Data in use is an information technology term referring to active data that is stored in a non-persistent digital state, typically in computer random-access memory (RAM), CPU caches, or CPU registers.
The only time your data should be unencrypted is when it’s being used. Once it is no longer in use, however, your data should be encrypted immediately. This is why it is so critical that your law firm has an Encryption Policy in place. Make sure that your policy informs everyone where important data is allowed to be saved.