What it is
Encryption is a method of converting data from human readable form into a secret code.
How it works
There are two kinds of encryption for business data.
Encryption in transit, for data collection
Encrypting data when you collect it is called encryption 'in transit'.
The most common need for encryption in transit is when you collect data from your customers through your website. You'll need to configure a certificate and key (also called asymmetric keys) so that your website uses HTTPS.
Benefits of using https across your website
Encryption at rest, for data storage
You need to consider encryption at rest everywhere you store data that's important and sensitive to your business, including:
- customer data
- third party data
- intellectual property
- internal data, and
- backup data.
Common places to configure encryption at rest are on your devices, servers and databases.
Why it matters
Using encryption protects the data you collect and store so that only your organisation has access to it. If your employee lost their device, or the hard drive you use for backups was stolen, the data couldn’t be accessed without your encryption key.
Encrypting your customers' data also builds trust. Data and privacy breaches are on the rise, and customers are starting to set higher expectations for the companies they share data with. Before buying from you, savvy customers will check:
- your external security or privacy policy for details around how you encrypt and protect their data
- you're using HTTPS on your website.
Create an online security policy for your business
How to protect your business
1. Identify how you collect and store data
To begin with, identify the different ways that you collect or store data. These are all the places where you will need to configure encryption. This list is likely to include your:
- website
- employees’ laptops and mobile phones
- office file servers
- organisation’s servers and databases.
