The expansion of networking has created an all-inclusive industry that did not exist before. Network security focuses primarily on protecting the trusted internal network of an organization or business from potentially dangerous actors. However, the industry faces challenges from cyber-attacks, human error, and other security problems. Legacy security measures, for instance antivirus, firewalls, and data loss prevention (DLP), have offered little protection and have limited the productivity of end users. This has driven the security industry to evolve in an effort to mitigate these problems. Unfortunately, the bad guys have also evolved their methods with the aim of compromising corporate networks. CIOs and their organizations are searching for better ways of protecting their data through encryption across the entire data life cycle. In both cases, use of the encryption key is the only way for anyone to access the unencrypted version of your password. This paper advocates the adoption of encryption policies in organizations.
For many years, the Navy Federal Credit Union has been the most ideal and trusted financial institution serving the military and their families. The organization protects its clients' personal information from nonaffiliated third-party companies; this information includes the client's telephone number, social security number, name, access number, physical address, and email address. Some of the third-party companies may use other companies to help them gain personal information. Clients' account information is also sensitive and requires protection.
In symmetric encryption, only one secret key is used to encrypt and decrypt information, which makes it simple. The secret key can be a number, a word, or random letters shared between a sender and a receiver. In this case, if a client wishes to use various e-banking services, access to account information has to be granted to the third parties. Acquiring that account data requires a secret key, which is very personal. The receiver, or the third party holding the shared key, is then authorized to access the account and any transactions (Deshmukh et al., 2013).
Before account and personal information can be obtained, the key has to be exchanged among the account holder, the third party, and Navy Federal. The data is both encrypted and decrypted using a single private key. The second policy, apart from symmetric authentication, is asymmetric encryption: in case the personal and account information remains with the third-party company, the Navy Federal network will ask for an SSL/TLS certificate from the client requesting account information. The certificate contains a public key used to identify the actual account holder. In conclusion, the data is encrypted using a public key and decrypted using a private key, or vice versa.
A cybersecurity threat is a primary concern that could compromise the organization's data. For instance, the Equifax breach is a cybersecurity threat experienced by many financial institutions. This problem is difficult to counter due to its dynamic nature, which gives financial institutions a hard time keeping up with it. Second, cyber-attackers could also compromise the organization's data, as they are always adopting new techniques to stay ahead of threat mitigation tools such as data encryption. Lastly, there are ransomware, Trojan viruses, and other imminent threats that steal credentials (Abomhara, 2015).
To begin with, collaboration among the members of management is crucial for identifying high-risk areas such as data backups and mobile devices. Data classification should follow, whereby information is divided into predefined groups that share a common risk, including encrypted data. Next is the establishment of key and certificate management, which helps detect anomalous behavior, for example, rogue self-signed certificates (Manousakis et al., 2013). Once proper management has been established, selecting the right encryption solution is crucial; this can be either symmetric or asymmetric. Only authorized users should be able to access data, so that it is not tampered with. Two-factor authentication and an adequate combination of passwords and file permissions are highly recommended. Policies should then be written down and communicated to third parties and end users; those who do not comply with the policies are not allowed access to the clients' data. Finally, SSL decryption technology is deployed at points of egress and ingress to ensure transparency of crucial data.
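The key and certificate management step above can be checked mechanically. As an added example (not part of the original essay), this Python code audits a constructed certificate inventory and flags rogue self-signed certificates, untrusted issuers, and expired certificates; the host names, issuer names, and short fingerprints are made-up placeholders, and subject equal to issuer is assumed to be a sufficient indicator of a self-signed certificate.

```python
from datetime import datetime, timezone

# Constructed inventory, as a certificate scan of internal hosts might report it.
# Fingerprints are shortened placeholders, not real SHA-256 values.
INVENTORY = [
    {"host": "ebank.example.internal", "subject": "CN=ebank.example.internal",
     "issuer": "CN=Example Issuing CA", "sha256": "aa11", "not_after": "2031-01-01"},
    {"host": "ca.example.internal", "subject": "CN=Example Root CA",
     "issuer": "CN=Example Root CA", "sha256": "bb22", "not_after": "2040-01-01"},
    {"host": "test-box.example.internal", "subject": "CN=test-box",
     "issuer": "CN=test-box", "sha256": "cc33", "not_after": "2030-06-01"},
    {"host": "partner-gw.example.internal", "subject": "CN=partner-gw",
     "issuer": "CN=Unknown Vendor CA", "sha256": "dd44", "not_after": "2030-06-01"},
    {"host": "old-app.example.internal", "subject": "CN=old-app",
     "issuer": "CN=Example Issuing CA", "sha256": "ee55", "not_after": "2020-03-15"},
]

TRUSTED_ISSUERS = {"CN=Example Root CA", "CN=Example Issuing CA"}
APPROVED_SELF_SIGNED = {"bb22"}  # the organization's own root is self-signed by design


def audit_certificates(inventory, trusted_issuers, approved_self_signed, now):
    """Return (host, reasons) for every certificate that violates policy."""
    findings = []
    for cert in inventory:
        reasons = []
        # Assumption: subject == issuer marks a self-signed certificate.
        self_signed = cert["subject"] == cert["issuer"]
        if self_signed and cert["sha256"] not in approved_self_signed:
            reasons.append("rogue self-signed")
        elif not self_signed and cert["issuer"] not in trusted_issuers:
            reasons.append("untrusted issuer")
        expiry = datetime.strptime(cert["not_after"], "%Y-%m-%d")
        if expiry.replace(tzinfo=timezone.utc) <= now:
            reasons.append("expired")
        if reasons:
            findings.append((cert["host"], reasons))
    return findings


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for host, reasons in audit_certificates(
            INVENTORY, TRUSTED_ISSUERS, APPROVED_SELF_SIGNED, now):
        print(f"{host}: {', '.join(reasons)}")
```

A production check would also verify each certificate's signature against its claimed issuer rather than comparing names alone.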
Data encryption as a data protection solution can be applied to data, devices, and emails. Organizations and companies are challenged by data protection and data loss due to the wide usage of web applications and external devices in conducting their business. Encryption is intended to provide an extra layer of data protection; however, strict access controls and policies are necessary for data protection to function properly.
References
Abomhara, M. (2015). Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88.
Deshmukh, D., Pasha, A., & Qureshi, D. (2013). Transparent Data Encryption--Solution for Security of Database Contents. arXiv preprint arXiv:1303.0418.
Manousakis, V., Kalloniatis, C., Kavakli, E., & Gritzalis, S. (2013, June). Privacy in the cloud: bridging the gap between design and implementation. In International Conference on Advanced Information Systems Engineering (pp. 455-465). Springer, Berlin, Heidelberg.