Network World, 7/7/97

Before deploying any type of encryption you must understand your data scrambling motives and all the costs associated with it such as software licensing, performance degradation, overhead for key management and user support.

• Make sure encryption doesn't become a weapon that can be used against you. Be sure there is a way to override a user's password to avoid cases of data ransoming or disgruntled employees from blocking access to critical files.

• Don't say no to encryption just because you already use security measures like authenticated logins, access controls and firewalls. No security measures are infallible.

• Even if you decide that encryption is too burdensome for your internal network, use it when sending sensitive data over the wide open Internet, where it is relatively easy to read any unencrypted messages and attachments.

• Don't think that you have to encrypt everything. Total encryption imposes a huge burden on processors and is usually unnecessary. Even e-mail can be sent unencrypted if you are diplomatic and circumspect about what you write.