
Every organization, whatever its industry, records and stores information, and increasingly transmits it in a variety of electronic formats. Data about products and services, transactions, employees, processes, customers and clients, loyalty schemes, and much else needs to be secured. In healthcare, any unauthorized viewing of data that meets the definition of protected health information (PHI) is a HIPAA violation that carries penalties. The finance sector, whether banks, other financial institutions, or credit card companies, must be equally careful about preserving data security and privacy.
The Need for Privacy and Security

This information is not meant for public disclosure or for sharing with third parties, and when a breach does occur, the exposed data is readily misused for identity theft and fraud. How much a given data set is threatened depends on its value and its sensitivity. Beyond the compliance requirements of laws and standards such as HIPAA, GDPR, and the Payment Card Industry Data Security Standard (PCI DSS), the legal liability that follows a breach makes it in your own interest to keep data secured in every state: at rest, in transit, and in use. Protect integrity as well as confidentiality, by preventing manipulation, unauthorized edits, and the deletion of transaction or medical history.
Understand Data at Rest to Secure It
Data at rest is data that has been recorded and stored in electronic form on some device and is not currently moving from one place to another or being processed. Paper prescriptions, bills, and receipts therefore do not count as data at rest, although they are still covered by HIPAA and its allied laws, rules, and regulations. The data may sit on a mobile device, a flash drive, a local machine, a server's hard drive, a backup tape, or in cloud storage, and it may be anything from a live database to archived records, such as old health files, that are rarely accessed. Attackers often prioritize data at rest: a single database or backup holds far more records than any one network session, and archived or forgotten copies tend to have fewer safeguards around them.
Dangers Emanating from Removable Devices
When such data is stored on removable media, it is easier for a miscreant to simply walk away with it, which compromises security, confidentiality, and privacy at once. Information cannot be considered secure if it can be extracted from its source, copied, and carried elsewhere, so preventing unauthorized disclosure is crucial to confidentiality. There is an additional risk of a breach when a computer or its hard disk is sent for repair or discarded: unless the drive is encrypted or securely wiped, whoever handles it next can read the data.
Vital Differences Between Data in Motion, or Data in Flight, and Data at Rest

Data in transit, also called data in motion or data in flight, is data actively moving from one location to another: between networks, or from a local device to a network over Wi-Fi, cellular, wired, or other connections, across the internet or within a private network. It is often considered especially exposed because it passes through links and intermediaries that the data owner does not control. When people send email, use instant messaging apps such as WhatsApp, Skype, Slack, or Facebook Messenger, use any other private or public communication channel, place orders online, or upload files to cloud storage, that is data in transit.
Data Must Be Protected In Whatever State It Might Be
Data must be protected in each of its three states, and the options differ. Data at rest relies on the security of the infrastructure that holds it; the principal controls are encryption and sound key management. Encryption converts readable plaintext into ciphertext that is useless to anyone who lacks the key, and it is applied both at rest and in transit to stop the data being read by an unauthorized device or person. Two caveats: plain encryption protects confidentiality but not integrity, so use an authenticated mode such as AES-GCM (or a separate MAC) so that tampering is detected rather than silently decrypted into garbage; and keys must be stored and controlled separately from the data they protect, or the encryption buys nothing. Data in use is generally the hardest state to protect, because it must be in readable form to be processed. Finally, maintain and regularly test a backup and recovery procedure, so that a breach or a destructive attack does not also mean permanent loss.
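As an added illustration (example code written for this page, not the consultancy's own tooling), the following Go program shows what "encryption plus key management" looks like in practice: each record is encrypted with AES-256-GCM under its own data-encryption key (DEK), and that DEK is in turn wrapped under a key-encryption key (KEK) that would normally live in a KMS or HSM. The names sealGCM, openGCM, Envelope, EncryptRecord, DecryptRecord and RewrapDEK are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// sealGCM encrypts and authenticates plaintext with AES-256-GCM under a
// 32-byte key. The random 12-byte nonce is prefixed to the output so the
// opener can find it; the 16-byte authentication tag is appended by GCM.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openGCM reverses sealGCM. It fails, returning no plaintext at all, if a
// single bit of the nonce, ciphertext or tag was changed.
func openGCM(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Envelope is what is written to disk: the per-record data-encryption key
// (DEK) wrapped by the key-encryption key (KEK), plus the record sealed
// under the DEK. The KEK itself lives only in the KMS/HSM, never on disk.
type Envelope struct {
	WrappedDEK []byte
	Ciphertext []byte
}

// EncryptRecord generates a fresh DEK for this record, seals the record
// with it and wraps the DEK under the KEK (assumed to be a 32-byte key
// obtained from the key service at run time).
func EncryptRecord(kek, record []byte) (*Envelope, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	ct, err := sealGCM(dek, record)
	if err != nil {
		return nil, err
	}
	wrapped, err := sealGCM(kek, dek)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// DecryptRecord unwraps the DEK with the KEK and opens the record.
func DecryptRecord(kek []byte, env *Envelope) ([]byte, error) {
	dek, err := openGCM(kek, env.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return openGCM(dek, env.Ciphertext)
}

// RewrapDEK rotates the KEK. Only the 60-byte wrapped key is rewritten;
// the record ciphertext, however large, is untouched.
func RewrapDEK(oldKEK, newKEK []byte, env *Envelope) error {
	dek, err := openGCM(oldKEK, env.WrappedDEK)
	if err != nil {
		return err
	}
	wrapped, err := sealGCM(newKEK, dek)
	if err != nil {
		return err
	}
	env.WrappedDEK = wrapped
	return nil
}
```

Because the KEK only ever wraps 32-byte keys, rotating it means rewriting the 60-byte wrapped key on each record rather than re-encrypting the records themselves, and because GCM authenticates the ciphertext, a flipped bit in a stored record is rejected on decryption with "cipher: message authentication failed" instead of quietly yielding corrupted plaintext. In a real deployment the KEK comes from the key service at run time; a test would supply a constructed 32-byte value.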
Add Additional Layers of Security to Data at Rest

Add supplementary layers of security: multi-factor authentication, separation of sensitive data sets across different locations or systems, cloud-aware anti-malware, and tight access controls for both digital and physical access. Disable "remember password" features so that anyone accessing classified or sensitive data has to authenticate every time, and apply the principle of least privilege so that each role sees only what its job requires. Relying on a simple firewall and basic antivirus software to protect your data is a dicey proposition. Rather than giving users direct access to the database, which can be queried or copied wholesale, expose the data through an application or dashboard that enforces the access rules. Encrypt system drives and external media with full-disk encryption, for instance BitLocker on Microsoft Windows, and unlock them with a second factor such as a TPM plus PIN or a hardware key rather than a password alone. Oracle and Microsoft SQL Server offer transparent data encryption (TDE) for database files at rest, and SQL Server's Always Encrypted additionally encrypts sensitive columns on the application (client) side so that database administrators never see the plaintext.
Safeguard Data in Transit with Email Encryption
Without encryption at the server and network level, data is vulnerable as it travels across one or more networks: it can be read or modified by anyone on the path. Email encryption closes this gap end to end: the message is encrypted on the sender's device and stays encrypted on every mail server and link until the recipient opens it. Schemes such as S/MIME and PGP do this with public-key cryptography: the message is encrypted to the recipient's public key, and only the holder of the matching private key can read it. Bear in mind that once an email has arrived and is stored decrypted in the inbox, it has become data at rest and must be protected as such.
Prevent Unauthorized Access, Or Interception of Data

Transport Layer Security (TLS), the successor to the now-deprecated Secure Sockets Layer (SSL), authenticates the server (and optionally the client) and encrypts the traffic between two endpoints, so that data in transit cannot be read or modified by anyone in between. Hypertext Transfer Protocol Secure (HTTPS) is simply HTTP carried over a TLS connection between a web browser and a web server, and is the normal way to communicate securely over the internet. Two things make this work in practice: the client must verify the server's certificate against a trusted root and check that it matches the expected host name, and both sides should refuse obsolete protocol versions (SSL 3.0, TLS 1.0, and TLS 1.1). The session keys negotiated in the TLS handshake then protect the data with a cipher such as 256-bit AES. Cloud object storage services commonly protect each stored object with 256-bit AES as well, generating and managing the keys on your behalf.
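The points above (certificate verification, host-name checking, and a minimum protocol version) are easiest to see in code. The Go program below is an added example written for this page, not code from the original article: it starts a TLS server on the loopback interface with a self-signed certificate minted at run time and then connects to it with three differently configured clients. The host name example.test and the function names are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Hypothetical host name: sent as SNI by the client and checked against the certificate's SANs.
const serverName = "example.test"

// selfSignedCert mints a throwaway certificate for serverName so the example
// runs offline; the certificate acts as its own trust root. A real server
// presents a certificate issued by a CA the client already trusts.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		DNSNames:              []string{serverName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, pool, nil
}

// startServer listens on loopback and completes one TLS handshake per
// connection. MinVersion rejects SSL 3.0, TLS 1.0 and TLS 1.1 outright.
func startServer(cert tls.Certificate) (net.Listener, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12})
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			c.SetDeadline(time.Now().Add(5 * time.Second))
			c.(*tls.Conn).Handshake() // a failed handshake (e.g. client rejected our cert) just ends this connection
			c.Close()
		}
	}()
	return ln, nil
}

// connect dials addr with cfg and reports the negotiated protocol version. tls.Dial runs the
// full handshake, so a certificate that fails verification is returned as an error here,
// before any application data could be sent.
func connect(addr string, cfg *tls.Config) (uint16, error) {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	return conn.ConnectionState().Version, nil
}

func main() {
	cert, pool, err := selfSignedCert()
	if err != nil {
		panic(err)
	}
	ln, err := startServer(cert)
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	addr := ln.Addr().String()
	// Correct client: trusts only our root and checks the host name. Prints 771 (TLS 1.2) or 772 (TLS 1.3) and <nil>.
	fmt.Println(connect(addr, &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}))
	// Client without the root: verification fails and nothing is sent.
	fmt.Println(connect(addr, &tls.Config{ServerName: serverName, MinVersion: tls.VersionTLS12}))
	// InsecureSkipVerify "works", but would accept any on-path attacker's certificate just the same.
	fmt.Println(connect(addr, &tls.Config{ServerName: serverName, InsecureSkipVerify: true}))
}
```

The first client negotiates TLS 1.2 or 1.3 and has actually authenticated the server; the second fails with an x509 "certificate signed by unknown authority" error because it does not trust the root, and a client that trusts the root but expects a different host name fails in the same way; the third connects, but since it skips verification it would connect just as happily to an attacker sitting between the two endpoints, which is why InsecureSkipVerify (and its equivalents in other TLS stacks) must never reach production.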
Protect Data in Use This Way
Data is in use when it is being read, accessed, or processed, and this is arguably its most vulnerable state, because it must be in readable form. The exposure is often mundane rather than technical: a clinician has a patient's electronic medical record (EMR) open and a passer-by glimpses the screen, or a monitor at the desk is visible to others while a patient is being admitted or discharged. That accidental but unauthorized viewing is still a HIPAA violation. The simplest safeguard is to restrict access not just by role but, wherever possible, by field or data set, so that each user's view contains only what their task requires. A second is to mask or remove sensitive fields before data is handed to other applications for evaluation or testing, and to work from de-identified or aggregate data rather than raw records whenever the raw values are not needed.
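Field-level restriction and masking, as an added example written for this page (not the article's own code): a deny-by-default policy table decides, per role and per field, whether a value is shown, shown masked, or withheld, and every view of the record goes through that one function. The roles, fields, and patient record are constructed for illustration.

```go
package main

import (
	"errors"
	"strings"
)

// Patient is a constructed sample record; MRN, DOB, SSN and Diagnosis are PHI.
type Patient struct {
	MRN       string
	Name      string
	DOB       string // "YYYY-MM-DD"
	SSN       string
	Diagnosis string
}

// fieldAction says what a role may do with a field. The zero value is deny,
// so anything not listed in the policy is withheld: adding a field exposes
// nothing until someone explicitly grants it.
type fieldAction int

const (
	deny  fieldAction = iota
	mask              // show a redacted form (last four of SSN, year of DOB)
	allow
)

// policy maps role -> field -> action. Hypothetical roles for illustration.
var policy = map[string]map[string]fieldAction{
	"clinician": {"MRN": allow, "Name": allow, "DOB": allow, "SSN": mask, "Diagnosis": allow},
	"billing":   {"MRN": allow, "Name": allow, "DOB": mask, "SSN": mask},
	"analyst":   {"DOB": mask, "Diagnosis": allow}, // de-identified view for reporting or testing
}

// maskValue produces the redacted form of a field; anything unexpected is fully redacted.
func maskValue(field, v string) string {
	switch field {
	case "SSN":
		if len(v) >= 4 {
			return "***-**-" + v[len(v)-4:]
		}
	case "DOB":
		if i := strings.Index(v, "-"); i > 0 {
			return v[:i] // year only
		}
	}
	return strings.Repeat("*", len(v))
}

// View returns only the fields the role may see, masked where required.
// Callers receive a map rather than the struct, so denied fields are simply absent.
func View(role string, p Patient) (map[string]string, error) {
	perms, ok := policy[role]
	if !ok {
		return nil, errors.New("unknown role: " + role)
	}
	fields := map[string]string{"MRN": p.MRN, "Name": p.Name, "DOB": p.DOB, "SSN": p.SSN, "Diagnosis": p.Diagnosis}
	out := make(map[string]string)
	for name, v := range fields {
		switch perms[name] { // a missing key yields deny
		case allow:
			out[name] = v
		case mask:
			out[name] = maskValue(name, v)
		}
	}
	return out, nil
}
```

The point of the design is that the decision is made once, centrally, and defaults to withholding: a billing clerk's view never contains the diagnosis, an analyst's view never contains a name or MRN, and an unknown role gets nothing at all, so a screen, report, or export built on top of View cannot accidentally display more than the role is entitled to.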
Tip: Do not assume that cloud storage secures sensitive data on its own. The provider secures the platform, but the configuration, access control, and key management for your data remain your responsibility, so match the controls to the particular needs of your organization and your industry.
Still in doubt, or in need of guidance or immediate assistance?
Check out our services like Vulnerability Assessment, Penetration Testing, Code Review, Testing as a Service, and Risk Management: www.friggp2c.com.
We are determined to work with and for you to make your organization one of the safest for you, your customers, and all prospective clients.