Venyu Blog

Inc. Magazine’s web presence has published an article entitled “How to Prevent Identity Theft in Your Business,” detailing how data breaches occur, how thieves and hackers exploit businesses to steal information and, significantly, how encryption technology can be used to render stolen data worthless. 

The article includes incisive commentary from Lawrence R. Rogers, a senior member of the technical staff at the CERT program of the Software Engineering Institute, part of Carnegie Mellon University. From his point of view, encryption is not a panacea, but rather a methodology designed to frustrate would-be identity thieves. Says Rogers, “Understand that encryption technologies do not defend against data being captured by the bad guys; rather its aim is to make any data that falls into the wrong hands unintelligible and therefore useless.”

Core to his regimen, Rogers strongly suggests that because of the dynamics of data theft encryption, hardware and software selected should be periodically re-evaluated to ensure it is still providing the required protection. Similarly, he says, all policies governing its use and all procedures defining its use need to be periodically reviewed to attest to compliance and execution.