Encryption: Are You Missing the Last Line of Defense?
There’s more than one reason companies need to keep intruders out of their data systems. There are legal and regulatory requirements for keeping personally identifiable information confidential; their reputation depends on keeping customer information secure; and their intellectual property needs to be protected from competitors.
Companies use multiple tools to keep out unauthorized users, starting with firewalls that block traffic, and layering on tools like intrusion detection systems and antivirus software to identify and block any malicious software that slips into the network.
Those defenses aren’t infallible, though, so one last layer of defense is needed. Encryption means that if malware or an unauthorized user is able to access your systems, they won’t be able to read the data they see unless they also obtain the keys. Not only does this protect your data, it protects your customers and your reputation: the laws that require reporting a breach to consumers often make an exception when the stolen data is encrypted.
Protect Data in Three Places
There are three different times and places where data needs to be protected against prying eyes: in storage (data at rest), on the wire (data in motion), and in memory (data in use).
- Data at rest includes data stored in files on all kinds of devices: the drives attached to desktop computers, drives connected to servers, drives on laptops, and storage on tablets, smartphones, and other mobile devices. Data on USB memory sticks and other portable drives also needs to be encrypted; so does the data backed up to tape or other archival storage. In the cases of mobile devices, laptops, USB memory, and portable drives, encrypting data offers protection if the device is lost as well as if it is stolen or hacked. Many operating systems today include encryption capabilities, making protecting stored files fairly straightforward.
- Data in motion includes all data being transmitted over networks, whether through email, file transfers, or other means. Virtual private networks allow remote users to securely access a company’s network and encrypt all communication during the session. There are applications that support secure email, texting, and file transfers, though in many cases both parties to the conversation need to use the same tool to gain the protection.
- Data in use includes data that’s been decrypted and placed in computer memory for use by an application. The risks of exposing this data increase with cloud usage, where the computers are outside the company network and may be shared by multiple users. There are new tools that enable users to search encrypted data, reducing the need for decrypting and potentially exposing files located in the cloud.
Plan Your Encryption Strategy
Begin your encryption plan by deciding whether you want or need to encrypt all of your data or only the most valuable or most vulnerable data. IT will need help from the business team and management to understand which data is subject to legal or regulatory protections. The business will also need to help IT understand where the data is accessed from, including mobile devices and cloud services.
Along with identifying the data to be encrypted and the encryption algorithms to be used, IT will need to implement key management to ensure that access to keys and certificates is restricted. And users need to be reminded not to share their credentials.
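One way to check that access to keys is actually restricted, shown as an added example that is not part of the original article: a small audit that walks a directory, finds PEM private keys, and reports any that are accessible beyond their owner or stored without a passphrase. The function names and the sample files are hypothetical and constructed for the demonstration, and the permission check assumes POSIX file modes.

```python
import os
import re
import stat
import tempfile

# PEM private-key headers, and the markers of a passphrase-protected PEM key.
PEM_KEY = re.compile(rb"-----BEGIN ((?:[A-Z0-9]+ )*)PRIVATE KEY-----")
PROTECTED = re.compile(rb"BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED")

def audit_key_files(root):
    """Return sorted (relative_path, issue) pairs for private keys under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                continue  # unreadable entry: skip it rather than abort the audit
            match = PEM_KEY.search(head)
            if not match:
                continue  # certificates and other files hold no private key
            rel = os.path.relpath(path, root)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((rel, "accessible beyond owner"))
            # OpenSSH-format keys hide their protection inside the body, so skip them.
            if b"OPENSSH" not in match.group(1) and not PROTECTED.search(head):
                findings.append((rel, "no passphrase"))
    return sorted(findings)

def build_sample(root):
    """Write constructed (fake) PEM files with chosen modes for the demo."""
    samples = {
        "app.key": (0o644, b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"),
        "db.key": (0o600, b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"),
        "site.crt": (0o644, b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n"),
    }
    for name, (mode, body) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, issue in audit_key_files(tmp):
            print(f"{rel}: {issue}")
```

Only the world-readable, unprotected key is reported; the passphrase-protected key with owner-only permissions and the certificate produce no findings.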
Encryption is only part of a comprehensive data security program. Prescient Solutions can help you evaluate the full scope of data and network security requirements and implement a solution that provides solid protection from the first line of defense through the last. Contact us for a free infrastructure assessment to identify your vulnerabilities and start protecting your systems.