ENCRYPTION - PROTECT DATA AT ITS GRASS ROOTS

In this BlogBytes we will take the data protection discussion to the grass roots level and how LTO technology plays a critical role.

A company’s digital assets are of high value and protecting them is of upmost importance especially in this environment of cyber sabotage, data theft, email schemes and ransomware.  

CYBER ATTACKS RISE

These threats, coupled with new workplace paradigms that emerged in response to the global pandemic, make the data protection mission more complex as cyber criminals seize their opportunity for illegal gain.

While businesses and the public were focused on adapting to the health crisis, cybercrime was booming with malware, phishing, ransomware and assorted internet related attacks. According to the FBI: 

“A record number of complaints from the American public [were received] in 2020: 791,790 with reported losses exceeding $4.1 billion. This represents a 69% increase in total complaints from 2019.”

Phishing was the largest category the fraudsters were using to penetrate individuals and organizations to get at sensitive information. As described at SeachSecurity Techtarget: 

“Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other forms of communication. Attackers will commonly use phishing emails to distribute malicious links or attachments that can perform a variety of functions. Some will extract login credentials or account information from victims.”

Reported losses from cyber crime exceed $4 billion in 2020 according to the FBI

TAKE STEPS TO SHIELD YOUR DATA

We discussed some important actions that can be employed by organizations to shield against a cyberattack in a recent BlogBytes article. These fraudsters are clever and their methods are ever changing:  what if the intrusion is successful and the invaders get to the data store? Data protection plans must embrace grass roots level safeguards that include anti-malware solutions, multi-factor authentication, employee education, and offline data backups. The plans should also include immutability protection in the event the intruders get to the data source.  LTO technology supports drive level data encryption to help protect information at its grass roots. Let’s look at the details.

LTO GRASS ROOTS PROTECTION

LTO drives use 256 bit AES256-GCM encryption methods to secure your data

As noted at the LTO.org website, LTO tape technologies support of data encryption is unique in that “… you can securely encrypt backup and archive data without additional investment in software or separate devices. LTO drives use the 256-bit Advanced Encryption Standard with Galois/Counter Mod of Operation (or AES256-GCM for short). It is authenticated encryption that achieves very high speeds in hardware with low cost and low latency. AES256-GCM provides both data confidentiality and data integrity in a single, easy-to-use solution. There are no special LTO cartridges; standard LTO cartridges should be used to write encrypted data.”

Making data immutable with encryption in the event the data gets into the wrong hands is of top priority — LTO technology encryption helps protect your information and can save you from expensive recovery processes later on. Addressing compliance regulations is also a task that several industry segments are concerned with. LTO technology supports write-once read-many (WORM) capability that stores data in a non-rewritable format which helps address compliance regulations, such as SEC Rule 17a-4(f) and HIPAA.

And although we are focusing on the usefulness of encryption to address concerns about criminal activity, encrypting your backup and archive data is best practice method that will safeguard content even if the tapes go missing.  In turn, this can mitigate the potential for fines and other penalties being applied to companies and their board members for negligibility, that eventually hurt shareholders.  Take for example the California Consumer Privacy Act (CCPA): encryption is specifically called out as the best defense (along with data redaction) against data loss.

As described in this article:

“As an extra incentive to encrypt data, CCPA applies data breach sanctions only if companies fail to protect personal data with encryption or redaction. If personal information is protected with appropriate encryption data security measures, it cannot be used by unauthorized parties, so consumers are left unharmed and there is no basis to penalize organizations. Under CCPA, doing something that is a good idea anyway, encrypting personal information, can now literally save an organization millions of dollars. CCPA damages may include a penalty of $100 to $750 per consumer per incident, or actual damages, whichever is greater.

THE LTO STORY

Cybercrime is on the rise and taking steps to protect information is a continual endeavor. And unexpected information loss can always happen due to human error and plain bad luck.  Protecting data at the grass roots level is part of that effort and LTO technology can help protect the data with encryption and WORM capabilities. See the whole LTO story here.