
President and CEO of Sydney-based company Randtronics, Adhar said his experience in the Australian market has proved that a lot of Australian PCs don’t have encryption.
Eventhough, encryption at the web and application layer can protect data if it falls in the wrong hands, management have historically been afraid to use it, claimed Adhar.
“The market in Australia is not really able to comprehend encryption,” said Adhar. “Historically performance was a problem with encryption, so was flexibility and you needed a person with a PHD to decrypt the system.
“[But] today that’s different, we now have technology that allows encryption for the ordinary user. Encryption is no longer complex,” he said.
Concerned about today’s threat environment, Adhar said relying on perimeter security provides a false sense of security. People are getting through the system via un-patched systems and firewall vulnerabilities, all the time.
In fact, security vendor Proofpoint released a report last month which found that Australian organisations have a problem controlling leaking data.
The report found that companies are frequently disciplining or terminating employees for breaches.
With regulations coming through to mandate data breach disclosure and data breach incidents making daily global headlines, encryption should form part of a companies privacy policy.
Speaking to SC recently, Privacy Commissioner Karen Curtis said as a general rule, the encryption of personal information on laptops and other storage devices like USBs is good privacy practice and urged organisations to conduct risk assessments to determine whether their stored data requires encryption security.
Move beyond perimeter protection and identify what data is sensitive and encrypt it, said Adhar.