Cybersecurity Self-Assessment Resource
Download this resource to measure your appetite for cyber risk and to gauge your current cybersecurity status.
.jpg?ext=.jpg)
Webinar on Demand: The Value of Encryption
As organizations pursue compliance with frameworks like CMMC and ISO 27001, understanding encryption becomes a business imperative. In this session, Smithers cybersecurity expert Robert McVay explains what encryption is and what you need to know if you are pursuing CMMC or ISO 27001.
What is Encryption? Simplifying the Core Concept
Encryption is the process of transforming readable data like documents, spreadsheets, and images into a form that’s indecipherable unless you have the correct key. Whether data is at rest, in transit, or in process, encryption ensures that even if attackers access the data, they can’t exploit it.
Why Encryption Matters to Your Business
Beyond compliance, encryption fortifies four critical cybersecurity pillars:
- Confidentiality – Prevents unauthorized disclosure.
- Integrity – Protects data from tampering or corruption.
- Authentication – Validates the data’s origin.
- Non-repudiation – Ensures senders cannot deny their involvement with the data.
Compliance and Validation: Know Your Algorithms
Regulations like DFARS 252.204-7012 and CMMC mandate the use of FIPS-validated modules, not just strong algorithms. To that end, here are some best practices.
Best Practices: Layered Encryption for Defense-in-Depth
Encryption should be layered across your infrastructure:
- Full-disk encryption for all portable devices.
- Database encryption at rest.
- Encrypted backups.
- Enforced VPN use for all remote access.
- File/folder level encryption for critical data.
- Email encryption for sensitive communications.
If you have any questions about encryption and how it relates to CMMC and/or ISO 27001, please feel free to contact us.