A new IT survey is the latest to shed light on the data encryption habits of IT professionals, revealing that more than a third send sensitive information outside corporate networks without first encrypting it.
Voltage Security published a survey of more than 200 European IT professionals who the company interviewed at a recent IT event. In all, around 36 percent of IT pros admitted to transmitting unecrypted data outside their organization, while almost half of respondents said they don't encrypt data at all.
Encryption "inherently provides an underlying foundation for data privacy, ensuring not just that the data itself is secure, but also that the information can only be accessed and used by authorised users and the specific intended recipients," explained Voltage CTO Terence Spies in a news release.
This follows a Ponemon Institute survey of 4,000 SMBs this past spring, which reported that only around 39 percent of respondents encrypt data before sending it to the cloud.
Security experts have insisted that - besides reducing the amount of data they hold to limit the risk of a breach - encryption is the best tactic businesses can take to protect data at a time when cyberattacks are growing more sophisticated.
A Reuters report touched on this last month. Experts told the news organization that "the better data is encrypted, the less serious it is when it is stolen though even some encrypted passwords can be cracked with sufficient computer power."
Even NSA whistleblower Edward Snowden has been pleading for tougher encryption as of late. In a new interview with The Guardian newspaper, Snowden said IT professionals in a variety of industries - law, journalism, healthcare, accounting, and even the clergy - need to step up their use of encryption to protect sensitive information from prying eyes.
"What last year's revelations showed us was irrefutable evidence that unencrypted communications on the internet are no longer safe. Any communications should be encrypted by default," Snowden told The Guardian.
What's the risk in leaving data unscrambled? As our own Chuck DeLouis explained in a blog post earlier this year, cyber criminals are well ahead of IT professionals when it comes to developing malware and other threats that are difficult to prevent. As it becomes even harder for security professionals to stay ahead of these new risks, data protection is an increasingly important part ensuring SMBs can recover if they are hit.
Case in point - reports this week revealed that hackers very likely have access to a sophisticated "government-grade" malware called Gyges.
According to research from Sentinel Labs, Gyges was originally developed by governments for use in espionage and by being "virtually invisible and capable of operating undetected for long periods of time," it's a dangerous tool cybercriminals can tack on to ransomware to extend the life of their money-making schemes.
What's the takeaway for IT services providers? Staying in front of all these risks is a considerable challenge. Antivirus and security vendors are doing what they can to address emerging threats proactively with technology. And as your SMBs' chief security resource, you can stress best practices to help them avoid stumbling into traps set by hackers.
But you'll also need to ensure that their data is protected no matter where it is, so that if something malicious sneaks into their systems, you have a way to restore their business. Encrypted cloud backup is a must-have in an increasing number of industries, and may be the best tool you can use to limit your SMBs' exposure to security threats.