Encrypt. – Chris Apgar, CISSP, president and CEO, Apgar and Associates, LLC
All mobile devices and the often-overlooked media, such as USB drives, should be encrypted if they will be used remotely. The cost of encryption is modest and is sound insurance against what has been demonstrated to be a significant risk to health care organizations. Most breaches do not occur because of cyber crime. They are associated with people. Even if organizations allow their employees to use their own tablets, laptops and smartphones, they should require encryption if there is a possibility sensitive data will be stored on those devices. Organizations may have a policy prohibiting the storage of sensitive information on personally owned devices, but it is a very hard policy to enforce. At the very least, organizations should require the use of company-owned and encrypted portable media.