Lock Down the Data on Your Portable Drives

It has been reported that 88% of employee laptops contain sensitive information. Laptops are not the only targets. USB flash drives with huge storage capacities make loss of data more probable than ever.

But with security and data breaches being reported weekly, it is surprising that not many companies use encryption to protect sensitive company information against data leaks. In a survey by the Computer Security Institute of 494 security practitioners in large organizations, about half had had laptops or mobile devices stolen, but only 2/3 use encryption to guard the information on their mobile devices.

Encryption as a last line of defense against data leaks

The main reason many companies still do not use encryption is that it has become a bit of a problem for a company's IT staff and its employees. Users sometimes forget their passwords, potentially locking a drive forever. In addition, some types of encryption, particularly software-based ones, can slow down PC performance.

However, it is becoming more and more necessary to use encryption to protect laptops and other mobile devices against data breaches and leakage, and more and more types of encryption are available.

Encrypted password database

Free programs such as Password Safe that selectively encrypt usernames, passwords, account numbers, etc. have been around for years now. There's no reason why companies and other consumers still do not encrypt their personal data. However, this kind of encryption program has one flaw: users still decide which data to encrypt and when. Therefore, there is no guarantee that all sensitive data will be encrypted, and the program cannot prove that private data were never exposed.

File and folder encryption

Another form of encryption is file and folder encryption. It addresses the problems that occur with the aforementioned type of encryption. This is IT-administered protection of stored data that is based on file/folder encryption, full-disk encryption or a combination of both. It encrypts files automatically, based on file location, file type or source application.

A good example of this is the Windows Encrypting File System (EFS). It can be centrally activated by using Active Directory Group Policy Objects to encrypt specified files or folders. However, EFS still relies on sensitive data being written into protected locations, and cannot stop users from copying encrypted files to unencrypted locations.
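The gap described above can be audited: Windows marks EFS-encrypted files with the Encrypted file attribute, so files of sensitive types that lack it can be listed. The following PowerShell script is an added example, not part of the original article; the extension list and default folder are assumptions chosen for illustration.

```powershell
# Added example (not from the original article): report files of sensitive
# types that are NOT EFS-encrypted, in chosen folders and on removable drives.
# Assumptions: the extension list and the default folder are illustrative only.
param(
    [string[]]$Folder     = @("$env:USERPROFILE\Documents"),
    [string[]]$Extensions = @('.docx', '.xlsx', '.pdf', '.csv')
)

# Every ready removable drive (for example a USB flash drive) is scanned too.
$removable = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq [System.IO.DriveType]::Removable -and $_.IsReady } |
    ForEach-Object { $_.RootDirectory.FullName }

# Keep only scan roots that actually exist on this machine.
$roots = @(@($Folder) + @($removable) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) })

$findings = foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            # Sensitive file type AND the EFS "Encrypted" attribute is not set.
            ($Extensions -contains $_.Extension.ToLowerInvariant()) -and
            -not ($_.Attributes -band [System.IO.FileAttributes]::Encrypted)
        } |
        Select-Object @{ n = 'Root'; e = { $root } }, FullName, Length, LastWriteTime
}

if ($findings) {
    $findings | Sort-Object Root, FullName | Format-Table -AutoSize
    Write-Warning ("{0} file(s) of the listed types are stored without EFS encryption." -f @($findings).Count)
} else {
    Write-Output 'No unencrypted files of the listed types were found.'
}
```

The Encrypted attribute reflects EFS only, so files on a volume protected by full-disk or volume encryption are still listed here even though they are encrypted at the volume level.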

Full-disk encryption

This is most applicable to general purpose computers. Here, basically everything that is stored on a physical disk or a logical volume is encrypted. That includes not only sensitive user data, but also application and operating system files.

An example of volume encryption is the BitLocker feature in Windows Vista. It divides a PC's boot drive into an unencrypted boot volume and an encrypted operating system volume, which is unlocked and verified at boot time using a Trusted Platform Module (TPM) chip, USB key or recovery passphrase.

Other, more extensive full-disk encryption products scramble the entire hard drive's contents, including boot sectors, swap files, OS files and user data. Authentication, encryption, provisioning and reporting capabilities vary, but enterprise FDE products offer features like Windows single sign-on and central logging for security audit and compliance reporting.

Combining encryption methods

Combining encryption types or methods may be the best solution for companies and other organizations in their defense against data theft. For example, use file/folder encryption on less capable devices like PDAs, while applying FDE to laptops. Though it may seem like you are overdoing it, it is a workable option, particularly for mobile users who carry regulated data.

Full-disk encryption offers a safeguard against device theft or loss, while file/folder encryption protects users' sensitive data without hiding files that are maintained by IT. However, whether to apply combined encryption methods depends on your company's finances and security needs.