Better safe than sorry: which files do you need to encrypt?

According to IBM Security, the global average cost of a data breach hit USD 4.45 million last year – a 15% growth since 2020. This is particularly alarming in light of the stats that in August 2023 alone, there were 73 publicly disclosed security incidents exposing nearly 80 million records around the world. The latest headlines include the UK Electoral Commission’s belated apology after a cyber-attack compromised the personal information of 40 million registered voters as far back as August 2021. To make matters worse, the breach remained undetected for 14 months straight, and the election watchdog admitted failing a cybersecurity test in the same year it fell victim to the hack.

Incidents like this are a stark reminder of the importance of rigorous, well-thought-out security measures to shield sensitive files from lurking cyber threats. Encryption, “the cryptographic transformation of data to produce ciphertext,” as per the definition by The National Institute of Standards and Technology (NIST), is one of the oldest and most powerful weapons against unauthorized access, even if confidential data is stolen, lost, or compromised. In simpler terms, encrypting files essentially means scrambling the original content in such a way that it can only be read by someone who has the key or password.

No wonder that for most companies, the question today is not whether to encrypt, but what to encrypt. What constitutes sensitive information, and which files do you need to encrypt? In this article, we’ll explore the types of data and business areas that necessitate extra caution, some of the regulations that apply to organizations in various industries, and best practices to secure company data.

Cracking the code: the kinds of files you absolutely need to encrypt

As a good rule of thumb, you need to encrypt any file that contains sensitive or confidential information, whether it’s legal or financial, business, or personal. This can include personal identification information, financial details, medical records, trade secrets, and more. Unauthorized access to such files could have serious repercussions, from monetary loss and reputational damage to legal liabilities and even identity theft.

Here are some examples of the types of files that need to be encrypted:

• Human resources data: HR documents, such as employee contracts, performance reviews, leave of absence forms, and payroll information, contain legally protected, private data like addresses, social security numbers, and financial details.
• Legal documents: Contracts, intellectual property filings, non-disclosure agreements, licensing agreements, and legal correspondence often include proprietary and confidential information.
• Banking and financial documents: Documents such as bank statements, investment portfolios, insurance policies, and tax return forms contain critical financial data that requires adequate safeguarding.
• Medical records: Patient health information is one of the most sensitive types of data, and medical institutions are mandated by regulations like the Health Insurance Portability and Accountability Act in the US to ensure its effective protection.
• Customer data: Any files containing personal data from customers such as addresses, payment information, and purchase history need to be encrypted to safeguard privacy and maintain trust.
• Internal business documents: To protect business interests, it’s important for company staff to encrypt strategic plans, meeting minutes, internal audit reports, and other proprietary documents.
• Intellectual property: Any document that contains information about inventions, trade secrets, or proprietary business processes, which can be an attractive target for cybercriminals, should undergo encryption.

Remember, the goal of encryption is to secure data and shield it from unauthorized access. When in doubt, it’s always better to err on the side of caution.

What types of files can be encrypted? A detailed but non-exhaustive list

While all types of digital files can be encrypted to enhance data security, the most frequently encrypted file types are the following:

• PDF files: Documents, especially those with sensitive information, are often stored as PDFs and are a prime candidate for encryption.
• Image files: These can include formats such as .jpeg, .png, .gif, etc. Encrypting image files can help protect personal photos or other sensitive graphical data.
• Text files: Files in .txt or .docx format, often used for maintaining records, should be encrypted to prevent unauthorized access.
• Database files: Files with .db, .dat, .mdb extensions containing critical information are commonly encrypted.
• Email files: EML and MSG files that include personal or confidential correspondence also need encryption, especially in a business setting.
• Video and audio files: Files with .mp4, .avi, .mp3, .wav extensions may also have sensitive information and benefit from encryption.
• Spreadsheet files: Excel files (.xls, .xlsx) used for data organization and record-keeping often contain confidential information, making encryption essential.

Enterprise file encryption: the corporate art of keeping secrets

Enterprise file encryption plays a crucial role in safeguarding sensitive information across various departments within a company. Meaning its main goal is not just to protect individual data elements, but also to ensure the integrity and confidentiality of the business’s entire data ecosystem.

Let’s take a look at how enterprise file encryption can benefit key departments within an organization.

• Human resources: The HR department handles highly sensitive information such as employee records, payroll data, and performance evaluations, making enterprise file encryption essential.
• Finance: Financial records, company earnings, and other fiscal data need to be safeguarded to prevent potential financial crimes.
• Research and development: To protect the company’s competitive edge, any proprietary research, findings, product design, or innovative ideas must be encrypted.
• Legal: Encrypting legal documents, contracts, and correspondences is paramount to maintain legal privilege and protection.
• Sales and marketing: Customer information, strategy documents, market research, and sales reports are the lifeblood of a company’s success. Encrypting these files helps maintain strategic advantages.
• Information technology: To protect the company’s IT infrastructure, network diagrams, passwords, and other sensitive system-related information must be kept secure.

From GDPR to CCPA: let’s decode key data protection regulations

Legislation aiming to safeguard sensitive information from external threats varies by industry and country. Here are some of the most important regulations that organizations may need to comply with:

1. General Data Protection Regulation (GDPR): This European Union regulation mandates protection for personal data and privacy of EU citizens. Encryption is recognized as a suitable method of protecting personal data under GDPR.
2. Health Insurance Portability and Accountability Act (HIPAA): In the US, healthcare providers are required by HIPAA to implement strong security measures, which may include encryption, to protect medical records and other personal health information.
3. Payment Card Industry Data Security Standard (PCI DSS): Covering companies that handle credit and debit card information, this global standard requires encryption for the transmission of cardholder data over public networks to prevent credit card fraud.
4. California Consumer Privacy Act (CCPA): This state-level regulation in the US grants California residents control over their personal data. While not explicitly requiring encryption, it advises the use of security measures to safeguard consumer data.

Make file encryption business as usual with Tresorit’s end-to-end encrypted collaboration platform

Tresorit uses end-to-end encryption to keep your data safe. Unlike other services, however, we can also guarantee that your data is protected by zero-access encryption no matter where you decide to access it – even if it’s your browser. It’s virtually impossible for anyone to access your private key and documents. This includes us. Offering the highest level of security in the cloud, our file storage and sharing solution allows you to:

• Make cloud collaboration as safe as possible
  Every file and relevant metadata on our users’ devices are encrypted with randomly generated encryption keys. Accessing files is only possible with a user’s unique decryption key that no one else, not even Tresorit, has knowledge of. Meaning that even if our servers were breached, no one would be able to read their contents.
• Keep access secure and limited
  Monitor and decide which devices are allowed to access which files and from where users are allowed to log in to their company account to safeguard business-critical documents. Manage files and tresors at a granular level to ensure they’re only accessible to those who need them and limit downloads or revoke access at any time.
• Stay in control of what happens to your data
  Implement data protection measures, including controlling who has access to what data, logging file activities, and creating internal security policies for data management. No file content can be modified without you knowing about it, thanks to cryptographic authentication applied to all encrypted data in the form of HMAC or AEAD.
• Set up and enforce enterprise security policies in one place
  Make sure that everyone on your team is on the same page when it comes to using crucial data security tools and processes. Apply policy templates, including 2-step verification, IP filtering, timeout policies, and sharing policies, create different policies for each template and modify them at any moment through a single interface.
• Encrypt attachments automatically in Gmail and Outlook
  Empower your teams to work efficiently and send encrypted emails by integrating Tresorit with Google Workspace or Azure Active Directory and Office 365. The add-ins offer a fast and easy way for users to replace risky email attachments with encrypted share links and password-protected files using their existing email addresses.