Debunking five myths about business encryption

  • Writer: ESET Expert
  • Jul 16

Let’s set the record straight and see why encryption is the cornerstone of company security.


For businesses, encryption is more than protecting sensitive files. It is also a requirement of various regulators and cyber insurance providers.


Still, there are quite a lot of myths that surround this useful security layer, most of which try to paint it as slow, costly, or even made redundant by other active security elements. None of this is true, and this article will explain why.


Making sense of encryption

Firstly, let’s make one thing clear: Encryption is not the be-all and end-all solution that a lot of people and regulations like to claim. However, it is one of those security layers that does have a major impact. There’s a reason why ransomware actors like to use encryption to coerce businesses, after all.


How does encryption work?

Essentially, encryption transforms readable data (plaintext) into an unreadable format (ciphertext) using an algorithm and a key. Without the key, one cannot decipher the protected file.

Some of the common types of encryption include:


  • Symmetric encryption: It uses a single key to both encrypt plaintext and decrypt ciphertext.


  • Asymmetric encryption: It uses two keys: a public and a private one. One encrypts, while the other decrypts the file or message. 


Asymmetric encryption is usually used by messaging apps, though some employ both types of encryption at once to further enable secure communication. As for symmetric encryption, it’s the type most used by data storage encryption mechanisms.

Don’t forget about hashing

Hashing is another form of encryption. It transforms plaintext through an algorithm into a hash value, creating a unique data fingerprint. This works best when, for example, someone wants to scramble saved passwords into an unreadable format, so that they wouldn’t be abused by someone else accessing them — a great use-case for password managers.
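The password-storage use described above, as an added example that is not part of the original article: a bare, unsalted hash beside a salted, deliberately slow derivation, using only Python's standard library. The function names, record format and iteration count are assumptions of this example. Checking a password means recomputing the hash and comparing, since no key turns the stored value back into the password.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # work factor assumed for this example; tune to your hardware
SALT_BYTES = 16


def fast_unsalted_hash(password: str) -> str:
    """Weak form: bare SHA-256. Equal passwords always give equal fingerprints."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str) -> str:
    """Hardened form: random per-record salt plus a slow key-derivation function."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # Keep scheme, work factor, salt and digest together so the record is self-describing.
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, stored: str) -> bool:
    """No decrypt step exists: re-derive from the candidate and compare."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac(
            "sha256", candidate.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        return False  # malformed or nonsensical record: fail closed
    return hmac.compare_digest(actual, expected)  # constant-time comparison


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("unsalted hashes match:", fast_unsalted_hash(pw) == fast_unsalted_hash(pw))
    first, second = hash_password(pw), hash_password(pw)
    print("salted records differ:", first != second)
    print("right password verifies:", verify_password(pw, first))
    print("wrong password verifies:", verify_password("guess", first))
```
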

Everyone has their type

Now, each type of encryption usually fits a different use case. In a business setting, the protection of devices and their data storage is paramount, which is why full disk encryption is a must, and one also recommended by data regulations such as the General Data Protection Regulation (GDPR).

Going deeper, folder or file encryption is also useful for when a business wants to make sure that their data would remain uncompromised during a cyberattack, placing an additional layer of security on top.


Beyond that, encryption can be found in many other places. A VPN encrypts one’s network connection to external servers, creating a protected tunnel to access an internal company network, for example, making the relayed data unreadable to snoopers. Then there’s email/message encryption, which creates protected communication on both ends.


Encryption is truly all around us. So then why all the myths?



There are quite a few myths surrounding encryption — from people saying that it’s a liability to people claiming it makes their PC slow or that it’s completely superfluous to their business. 

Perhaps it’s time to do away with some of these myths, so here are five arguments debunking five different myths.


1. Encryption is a liability

In 2024, the ESET Blog shone a light on BitLocker sniffing, an attack that could bypass the built-in encryption feature in Windows on machines whose Trusted Platform Module (TPM) is not integrated into the central processing unit (CPU). Even so, this was a very specific case of a very involved attack, requiring the attacker to physically snoop in on the encrypted communication between the TPM and the CPU.


Does this mean that every encryption solution is thus open to attack? No! ESET Full Disk Encryption (EFDE), for example, protects against such attacks as it requires secondary authentication (a password) before the decryption process even starts.


2. Encryption makes my PC slow

Does encryption have an impact on system performance? Yes, but not significantly. First off, the boot process is slowed down by the need to enter a password.

With EFDE, you can actually use its single sign-on (SSO) feature to authenticate both the encryption and Windows access with the same password at once, making bootup simpler. 

Second, it’s true that software encryption uses some computer resources (CPU/storage), but it doesn’t make much of a difference, especially when considering the implications of not having any added security. Really, a minuscule drop in performance is a small price to pay when weighed against a ransomware attack disrupting business continuity, aside from its monumental cost and potential legal troubles.


3. Encryption is complicated

Users might think that encryption requires some actual wizardry from them, which is true — the process IS magical. But it’s not complicated. For EFDE, you just need to purchase a subscription, and with a few clicks, your storage is protected.

4. Encryption is expensive

Contrary to the popular myth that security is expensive, it is cheaper than the fallout of a cyberattack, which carries an average cost of $4.88 million. For instance, a year-long subscription of ESET PROTECT Advanced for five devices comes to $275, and it’s packed with features beyond encryption.

Still too much? In that case, most mobile devices and operating systems, like Windows 11, come with encryption features pre-loaded. Whether that sort of protection is enough for your business is up to you.


5. Encryption is redundant

Some business owners could argue that they don’t need encryption because they either don’t work with sensitive data or aren’t big enough to be seen as a great catch for threat actors. This is a myth designed to conceal their unwillingness to see the truth about the threat landscape, as well as to save a bit on their budgets. 


Ask yourself: Is your financial data worthless? Is your personal data or that of your employees and their work unimportant? Are you fatalistic enough to chance your business’s survival on the fact that no one would want to exploit you? Remember, even a small retail tool shop must keep data on its sales/taxes/salaries/etc. Is such information insignificant?


With ESET Endpoint Encryption, you can avoid these threats by simply encrypting your files/folders/flash drives, and even emails and attachments.

Encryption is not redundant. If someone were to steal your work laptop, encryption could protect your data against untrusted access. If a threat actor like Mallox or Embargo wanted to halt your business until you pay a hefty ransom, encryption could prevent it by protecting your most important files.


Wait, it’s all encryption?

What’s always been true about cybersecurity is that layers matter. Encryption is a crucial technology in our connected day and age. From storage drives to online communication, encryption exists all around us. 

With our myths debunked, all that remains is to trust encryption to do its thing. It’s simple, fast, easy to deploy, and necessary to protect against unsanctioned access or manipulation.
