What happens when a company does not encrypt its hard drives

The encryption or encryption of information is one of the mandatory points in any system today and this grows as the responsibility and volume of private information that a company has to handle increases. That is why not doing so is a serious crime throughout the world and can carry severe penalties. If not, ask Morgan Stanley, who has been fined for not protecting their hard drives.

One of the most ignored markets, but at the same time the most lucrative and important, is that of data processing, and today thousands of companies handle customer data that they have to protect. Therefore, it is not only necessary to have the servers well protected from intruders, but also to have the information well encrypted so that only we can read it and ultimately know how to discard the unused storage units.

What happens when a company does not encrypt its hard drives

Why has Morgan Stanley been fined?

The famous US investment bank has been fined $35 million by the Securities and Exchange Commission for disposing of all used storage units on its servers in a disastrous manner. The reason for this was that they hired a company without knowledge in the matter to get rid of the hard drives that contained private and sensitive information of their thousands of clients . In total there are 42 the number of affected systems.

Data Center

The bank has decided not to respond to the SEC’s accusations, therefore it has not pleaded guilty and has not denied the accusations either . Simply, he has limited himself to paying the fine. Although for that price, Morgan Stanley could have invested in more security and all this experience shows the importance of hardware for data protection, which we tend to despise or ignore.

No data encryption

Although the problem has been more serious due to the fact that Morgan Stanley has never used any of the data encryption techniques on the hard drives of its servers. So anyone who accesses those hard drives can easily get the information and at the same time said data is vulnerable to intrusion by third parties to the servers.

Cifrado de datos en SSD

The normal thing is to use specialized hardware to encrypt the data in formats such as AES-256, this is based on a specialized chip that executes a mathematical formula that converts the binary code on the hard drives into another, in such a way that the data cannot be read. At the same time, the system is accompanied by another chip that performs this function in reverse to be able to recover the data. This allows the full recovery of the information locally.

In any case, with the attacks on NVIDIA a few months ago and UBER recently, it is becoming clear that companies often ignore these protection methods or rather do not do so and it is necessary to improve security in these cases.