Full disk encryption: do we need it?

Let’s be honest for a moment: when it comes to cyber security habits, companies aren’t typically interested in investing the proper time, resources and infrastructure changes necessary to properly secure their systems and networks for the sole purpose of good security posture. There are two major factors that motivate companies to follow good cyber security habits: laws or mandatory regulations and the fear of becoming the next major breach to explode across news headlines which could result in the loss of finances and company reputation. Conversely, as security professionals, it is our job (and hopefully our passion) to introduce new technologies, methods, policies and procedures that will help the company achieve a better security posture. It’s time that companies consider implementing full disk encryption alongside other encryption methods on their mobile devices.

Full disk encryption is a cryptographic method that applies encryption to the entire hard drive including data, files, the operating system and software programs. This form of encryption is comparable to the protection of your home. Just as locking all exterior entrances is an efficient way of ensuring that no unwanted visitors enter the interior living spaces of your home, full disk encryption places an exterior guard on the internal contents of the device. Unlike past iterations of full disk encryption, the process to encrypt hard drives has become quite simple and is supported by all the major vendors. For example, Apple offers built-in encryption for both the mobile IOS and the desktop OS X systems, Microsoft Windows offers its own native encryption software through BitLocker, and Android also supports encryption out of the box. However, because BitLocker is only available for higher-end versions of Windows, lower-tiered versions of Windows can utilize third-party encryption programs such as VeraCrypt. 

Mobile devices such as work phones, tablets and laptops have the unfortunate propensity of being lost or stolen. This can be disastrous for a company if a device is lost or stolen while containing sensitive information such as personably identifiable information (PII) or proprietary information. According to Verizon’s 2015 Data Breach Investigation, 45 percent of healthcare breaches occurred due to stolen laptops.  Furthermore, according to Bitglass’s Financial Services Report 2016, one in four breaches that occurred in the U.S. financial sector over recent years was the result of lost or stolen devices. Below are some examples of companies that experienced breaches due to stolen laptops:

• Lifespan: In February of 2017, an employee’s unencrypted and non-password protected MacBook was stolen after a car break-in. As a result, the PII of 20,000 patients were compromised such as their names, medical record numbers and ethnicities.
• Premier Healthcare: 20,000 patients were affected when a laptop containing personal health information (PHI) was stolen in 2016.
• Heartland Payment Systems: In 2015, Heartland suffered an office break-in that resulted in the removal of several computers. One of the systems housed social security numbers and banking information.
• Cancer Care Group: A laptop was stolen that contained the PII of 55,000 former and current patients. As a result, Cancer Care Group ended up paying $750,000 in HIPAA fines.
• Lahey Hospital: In 2011, a laptop containing the PII of 599 patients was stolen from an unlocked treatment room. The hospital paid $850,000 in HIPAA fines as a result.

Just because a laptop is password protected, files are not necessarily safe from unauthorized access. According to ”A Small Business Guide to Computer Encryption” from Business News Daily, thieves can easily boot the computer from a USB drive and then access all the files on the computer.

A common concern surrounding full disk encryption is the fear that the encryption and decryption process will cause a noticeable slowdown of processor speeds.  However, such issues are a thing of the past. In 2008, Intel added a new CPU feature that’s now available on virtually every Intel processor called AES-NI. AES-NI is designed to perform several parts of the encryption process up to 10 times faster than previously thought possible. When encryption is first enabled, it can take up to a couple of hours to initially encrypt the disk depending on how many files and programs reside on your hard drive. However, after the initial encryption, normal file operations don’t suffer any performance hits. According to Symantec, any changes made to a file is encrypted in memory and written to the disk which means that the user feels no impact to the performance of the computer. 

When implementing full disk encryption, it is important to consider a few things. One is that every device should be backed up regularly. If an encrypted disk crashes or becomes corrupted, it can result in your files being permanently lost. Additionally, it is essential that passwords or encryption keys are stored in a safe place because once full disk encryption is enabled, no one can access the computer without the proper credentials.

LaTia Hutchinson is a cybersecurity specialist at Enlightened, Inc. where she is charged with leading the technical development of the cybersecurity commercial practice. She attained her master’s degree in Digital Forensics from James Madison University and is currently in pursuit of becoming a forensic investigator and threat hunter.