I was reading an article from ITWorld this week that touched on the recent data breach at the South Carolina Department of Revenue. While I find this type of thing fascinating, I also find it scary when someone says something like this:
“The industry standard is that most SSNs are not encrypted… A lot of banks don’t encrypt, a lot of those agencies that you think might encrypt Social Security Numbers actually don’t, because it is very complicated. It is cumbersome and there’s a lot of numbers involved with it.” – South Carolina Governor Nikki Haley
Statements like this are akin to my kids saying they don’t want to do something because it’s hard. Far be it from me to pass judgment on the State and its security practices; they are what they are. I’m talking more about the concept that encryption is hard, complicated, cumbersome and other such nonsense. It’s not.
[Dear South Carolina Department of Revenue, we have a neat little product that might be able to help you with the difficulty you’re experiencing in encrypting your constituent data and will send a representative ASAP to walk you through the value of our data protection offerings.]
But getting back to the complexity of encrypting and securing data, it really isn’t that hard. With the advent of technologies like AES-NI and self-encrypting drives (SEDs), and the general improvements in OS performance and processor speeds, encryption is nowhere near as ‘cumbersome’ as it was 5 years ago. And yes, there are a lot of ‘numbers involved with it,’ mostly to do with encryption strings, keys, key files and other millisecond transactions that encryption solutions perform to secure data – all of which are completely transparent to the user.
Now, one thing that really stands out in all of this is that the State is stepping up and offering free credit monitoring to those affected for one year. Credit monitoring (Equifax, Identity Guard) costs from $9 a month to $20 a month. Let’s assume that the State received a deal and is only being charged $5 a month per user. If every one of those 3.6 million affected people signs up for the service, that will cost the state $216,000,000 over the year. That’s nearly a quarter billion dollars.
As it stands, only approximately 287,000 people have signed up for the service to date. That may cost the state a paltry $17,220,000 but likely a lot more as more people realize they’re affected.
Now think of this from a business perspective: if you lost that many customer records… and had to make the same offer to give those customers peace of mind and ensure you KEEP them, could your business afford, at minimum, a $20 million hit?
A data encryption solution like SecureDoc would cost exponentially less to implement. Guaranteed.