How data encryption can safeguard your business

First, could you tell us a bit about yourself and what you do here at Nord Security?

Hey, my name is Aivaras, and I am the Head of Product at NordLocker. I lead the team who provides an encrypted cloud solution for anyone who wants to safely store their data and still be its original owner. I know it sounds similar to what usual cloud providers say, but, believe me, you lose control over your files the moment you upload them to the cloud. The simple truth is that many providers still have the decryption key and can access the files at any time. With NordLocker, it's the opposite - we secure your data without the ability to see it, a.k.a zero-knowledge architecture. Together with a team of excellent Product Owners and Designers, we successfully lead the product's vision, roadmap development, and new feature discovery.

Weakest nodes of security in business

From your experience, how likely are companies to protect their data and have a data protection policy in place? Why?

Well, this likelihood usually comes down to several different factors. First of all, it depends on the company size, the industry in which it operates, IT maturity, and more. Secondly, it's also somewhat affected by the growing awareness of data security risks and the necessity to secure it through various data protection measures. And finally, the most impactful factor is the rising number of breaches and the fear of becoming one of the targets. As a result, companies tend to care more about their data security when they or someone close to them experience a breach. So, it's still more "reacting to disaster" than preparing for it proactively.

In your opinion, what can cause more security breaches and damage - lack of security policy or employee carelessness? Why?

It is unquestionably both. Businesses that don't have at least basic security policies in place often become easy prey for cybercriminals. Unfortunately, the same thing can happen due to the employee's carelessness. A company with the most sophisticated, well-described, and thought-through security procedures can be compromised if employees keep their passwords written on sticky notes on their desks. In that case, no policy can help. Cybercriminals spend a lot of time looking for the weakest links in a company's protection, and if there are any, it's bound to be exploited.

Even though people are often a company's weakest link in security, this doesn't happen just because they are careless. Usually, our basic habits, knowledge of cyber threats, and understanding of security policies and tools differ, and we aren't very aware of complex security measures. So to ensure that employees aren't the cause of a breach, every business should ask itself whether it's easy for people to use already applied security tools and what additional effort employees have to make to follow those security policies.

The growing scale of ransomware

Let's talk a little bit about ransomware. How big of a threat to company security is it? Could you share a bit of data on that?

The truth is that nowadays, ransomware is one of the biggest and fastest-growing threats. Mainly because it causes two very harmful things for businesses - it steals sensitive data that can cause reputational damage if exposed and blocks business access to crucial data needed to run daily operations. This fear of disruption and data loss pushes company owners to pay ransoms, increasing the attackers' desire to carry out even larger operations. In fact, in 2021 alone, ransomware attacks rose to 1,000 per day, mostly targeting industries such as construction, manufacturing, finance, and others. So no business is safe from ransomware and other types of malware unless they do data encryption to protect against these threats.

What is the more attractive target for cybercriminals - confidential business information or employee information?

At the end of an attack, attackers typically seek to gain access to confidential company information, which is the 'highest tier' in data value scales. However, this data is usually the most protected from hackers. So, this is where employee information comes into play: breaching employee data can lead attackers further and provide them with access to more important corporate data. Simply put, stealing employees' information could be the start of a very complex and harmful data breach.

Evaluating the risks

Does the size of a company directly impact the effectiveness of its cybersecurity policy? Why? How should a company solve such a problem?

Well, the company size doesn't necessarily affect the effectiveness of cybersecurity. Larger companies may seem more resilient to cyber-attacks because they have more resources and a greater number of dedicated IT specialists who can examine the company's cybersecurity ecosystem. However, this is not the case. They may have much more flaws, and it is far more difficult to oversee the training and safety of thousands of people rather than 10 or 20. On the other hand, small businesses cannot dedicate large budgets to cybersecurity and employ IT security professionals. However, being small, they are less likely to attract the attention of criminals. Nevertheless, there is always a risk. So, no matter how big or small the company is, all businesses should think about potential cybersecurity dangers regularly.

Usually, a 'what-if' scenario helps to evaluate the scale of risk:

1. What if your business gets attacked?

2. How difficult would it be to continue business operations?

3. What are the costs of a potential loss of data?

4. What appropriate resources and attention should be dedicated to cybersecurity?

Practical tips to ensure your data is safe

How important is it to encrypt corporate information? How effective are NordLocker's algorithms used to encrypt the company's data?

Data encryption is one of the safest ways to protect corporate information from cyberattacks. Even if a file is stolen, the content is encrypted and cannot be accessed by anyone else. And this is where our NordLocker product succeeds - it combines data encryption with secure cloud storage and backup. So, in the event of a ransomware attack, the company's data is protected and cannot be taken hostage, while the backups provide business continuity.

From your point of view - what steps should a company take to protect its information? What advice would you give to them?

1. First of all, a company should treat cybersecurity as a continuous business activity by making sure they are aware of the latest cyber threats. It is important to keep in mind that there is no one perfect solution or tool that could protect against all threats.

2. The second step is to identify possible dangers and weak areas in your firm. Once you find thems, make sure you implement the best security measures to strengthen your company's vulnerabilities.

3. Finally, keep in mind that even the most modern security policies and tools may be considered worthless if the company's employees do not naturally apply them. Using security tools that are simple to deploy and easy to use by employees with different technical knowledge can help make their daily routines much safer.

Thus, it is important to maintain a holistic approach and use a wide range of security tools that are easy to use and do not stand in the user's way. It will help build a security net over the business and make it more resilient to ever-increasing cyber threats.