CIS Control 3.10 Encrypt Sensitive Data in Transit
The Center for Internet Security Controls, or CIS Controls, have become an industry standard that helps businesses and organizations of all sizes maintain a baseline of cybersecurity controls.
Safeguard 3.10 addresses the encryption of sensitive data in transit. Data in transit, or data in motion, is data that is being transferred between locations over a private network or the Internet. Transport Layer Security (TLS) and Open Secure Shell (OpenSSH) are two common methods used to secure data in transit.
In plain English: when data from one system is opened on another system, whether locally or from a cloud service, that data is in transit, and if the data is sensitive it must be encrypted.
Sensitive data has different definitions across the globe, so it's always best to check your local definition, but traditionally the following types of data should be considered sensitive no matter where you are located.
- Social Security, driver's license, state identification card, or passport number
- Account log-in, financial account, debit/credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
- Precise geolocation
- Racial or ethnic origin, religious or philosophical beliefs, or union membership
- Contents of a consumer's mail, email, and text messages, unless the business is the intended recipient
- Genetic data
- Biometric data
- Health information (HIPAA)
- Information about sex life or sexual orientation
- As well as employee data such as a resume, biography, drug tests, background checks, and even reports and investigations during their tenure.
Releasing any of the above data or transmitting it unencrypted poses risks to the employee and the business. In Dittman v. UPMC, the Pennsylvania Supreme Court recognized the legal duty to safeguard employee data.
So while 3.10 may be required for only implementation groups 2 and 3 in CIS Controls, it is highly advised for every business or anyone out there storing sensitive data to ensure data is only transmitted when encrypted.