Large or small, every company has secrets it needs to keep to stay in business. It might be its customer list, proprietary source code, next-gen product plans or even the secret sauce for its sandwiches, but they all need to be protected from hackers, snoops and industrial spies. The best way to keep these things—and every other confidential item—under wraps is to hide them in plain sight by encrypting them.
The mathematical magic of encryption means that only those with the correct key can unscramble its contents and open the file. The odds are heavily stacked against a hacker randomly guessing the key or using the brute-force approach to crack the encryption key. Take the popular Advanced Encryption Standard as an example. Using the variant with a 256-bit decryption key, a.k.a. AES-256, an astounding 3 followed by 76 zeros possible keys are available. So, even with a break-in, your company’s data would remain secure because the encrypted files will remain unreadable to the intruders.
Encryption is becoming a popular way to protect company data. As recently as 2005, only about 15 per cent of US companies surveyed by the Ponemon Institute had an encryption strategy. In 2020, that figure was up to 48 per cent, with payment, financial, and personnel records the top choices for encryption. Still, it leaves the data at more than half of firms exposed and potentially unprotected.
Dozens of encryption packages are available, though many of the apps are aimed at consumers hiding compromising frat party pictures or legal documents. Others, like Microsoft’s BitLocker and Apple’s Data Vault, are meant for scrambling the entire disk of a computer, not individual files.
What to look for in a file encryption tool
First, a business-class encryption program has to, well, encrypt files efficiently, reliably, and quickly so that workers actually use it. If the app baulks at encrypting large files or doesn’t consistently decode them, it won’t be used and the firm’s data will be just as vulnerable as if it didn’t have the software.
The best encryption packages not only provide a choice of encryption method but can scramble individual files so that employees can safely send and share key data with colleagues. Some even provide a secure sharing method for coworkers to collaborate without risking the company’s secrets.
While encryption is a good way to secure files you want to keep, what about those you don’t want anymore? Deleting them only removes the drive’s FAT entry that points the processor to where its data is stored. The underlying data remains until it is overwritten by a new file. Shredding or wiping software that is sometimes included with an encryption app can make it literally disappear by repeatedly overwriting the data with a variety of patterns. It’s a nice bonus for the security minded.
Finally, think about key management. After all, it is the “key” to opening encrypted files, but if it’s not available or too available, you might be left with a false sense of security. Some packages keep their keys in the cloud while others store them locally. The best provide a recovery key that can help if a key is lost in a computer meltdown or the sudden departure of an employee, but it’s best if these are, you guessed it, encrypted.
Below are three of the best encryption programs aimed at enterprises that can encrypt individual files while managing the keys required to open the scrambled items. I gave each a workout that focused on ease of installation and use as well as how fast they encrypted and decrypted a folder containing 505MB of assorted data.
By allowing the use of a wide variety of local and online storage systems, Boxcryptor Enterprise aims to protect a company’s data with industrial-strength encryption no matter where the data resides. With a focus on medium to large firms, Boxcryptor Enterprise customers include large universities and international firms with thousands of employees. One of its most prominent clients is a large German carmaker.
While the software lacks the ability to encrypt entire hard drives, it can protect the contents of files and folders. It is HIPAA and GDPR compliant and the company has a zero-knowledge philosophy with no backdoors or logs in its software. The Boxcryptor Enterprise version stores the needed encryption keys securely online and caches them locally as needed. It is the rare encryption software that includes the ability to set up two-factor authentication (2FA) as a further layer of protection.
Unfortunately, it lacks the remote management capabilities that Jetico BestCrypt offers, but the Boxcryptor software can be remotely installed. An IT administrator can set up workgroups as well as company-wide encryption policies that can specify things like password length. A big bonus for large companies that use a variety of different platforms is that Boxcryptor covers the OS gamut with compatibility for Windows, MacOS and Linux systems as well as Android and iOS tablets and phones. Easily, the company has the widest offering.
The company’s latest effort is a version that works within Microsoft Teams to make collaboration more secure. It doesn’t encrypt the audio, video and chat, but scrambles any shared files in Teams online and automatically unscrambles them when needed.
In addition to local saving and using a flash drive, the program can encrypt files sent to OneDrive, Dropbox, GoogleDrive and Sharepoint servers. Unlike Nordlocker, Boxcryptor doesn’t offer online space for these files and lacks the ability to encrypt files directly from popular programs like Office.
Boxcryptor Enterprise uses AES-256 encryption to secure files or folders of any size in virtual drives but unlike the Jetico software, it doesn’t offer alternative ciphers. There’s no way to hide encrypted files behind a password for an extra layer of security.
Under the surface, Boxcryptor keeps the encrypted files in virtual drives that are automatically created and can be of any size. Encrypted files have a green box added to the icon. Files can be encrypted and decrypted with a right-click in Windows Explorer or dragged to the encrypted drive. The originals are automatically wiped.
It took me a little more than five minutes to install Boxcryptor on my HP EliteBook Dragonfly system. The program provides a warning that lost keys can’t be recovered. Unlike other encryption software, it works behind the scenes with little or no traditional interface. There is an online interface for doing things like exporting your encryption keys for central storage and setting up 2FA.
The Enterprise package includes Boxcryptor’s Whisply. This home-grown browser-based system offers a protected sharing platform that can help a group collaborate securely online. On the downside, none of Boxcryptor’s products include a file shredder.
All I had to do to encrypt my files was to drag them into the virtual X: drive that Boxcryptor set up for holding encrypted files. It encrypted my 505MB of test files in 4.1 seconds and reconstituted them in 2.9 seconds. All of the elements came through without a digital scratch.
Boxcryptor Enterprise sells an initial five-seat package for US$720 a year, or US$144 per user. A 1,000-seat company can expect to pay about US$108 per year per user on a three-year contract. Still, it’s one of the most expensive ways to protect a company’s data. There’s a free version to try out.
While it lacks a way to centrally manage a company’s encryption efforts, the combination of cross-platform support and a version that melds with Teams makes Boxcryptor Enterprise an innovative contender.
- Works with Windows, Mac, Linux, iOS and Android
- Microsoft Teams version
- Secure file sharing portal
- No file Shredder
Jetico Enterprise Data Protection
With the choice of two encryption and two shredding apps, Jetico Enterprise Data Protection has an a la carte menu so you don’t get—and pay for—more than your company needs. The combination of the company’s BestCrypt encryption and BCWipe shredding makes for a formidable combination for the security minded.
Jetico’s security offerings come down to whether you want to encrypt or fully erase a complete hard drive (with BestCrypt Volume Encryption and BCWipe Total Wipe Out) or work file by file (with BestCrypt Container Encryption and BCWipe). By contrast, competitors, like NordLocker and BoxCryptor lack the file shredding potential of BCWipe.
The software is compliant with HIPAA, GDPR and the payments-oriented PCI DSS standard. The company focuses on securing the data held by governments, national laboratories and medium to large enterprises, including the US Department of Defense. Jetico has built its encryption programs without backdoors or external logging, but that also means that if a key is lost, so is the data. It has released its source code to the public.
Read more on the next page...