Security and Encryption Policies

When firms fail to encrypt their data and rely on the Hypertext Transfer Protocol Secure (HTTPS) feature, they expose their information to hackers who can access it before being transferred to the private network. Importantly, devices that work with unencrypted data can be easily manipulated because of the inability of the firewall to hinder unauthorized access into the system. Hence, protecting company data through encryption is one of the various tactics that firms can use to safeguard their client information from any unauthorized access from third-parties.

Data Encryption Methods

At Rest

Symmetric encryption is a tried and tested method of data encoding that promotes data confidentiality when it written to storage. In this regard, firms can use the method to encrypt and decrypt significant amounts of data without compromising their identity through vulnerabilities within the system (Li et al., 2019). This approach requires technicians to use a symmetric encryption key when encrypting and decrypting data. Likewise, the method requires firms to partition their data and use different keys to access the stored information.

In Transit

Transport Layer Security (TLS) can be used to encrypt data in transit for firms whose communication can be intercepted when data is moving from the company site to the cloud storage. Given the shift in data storage among organizations in the world today, encrypting data in transit plays an important role in restricting unauthorized access when transferring data to the cloud storage. In this regard, firms can use TLS to enhance their transport security and Secure/Multipurpose Internet Mail Extensions (S/MIME) for facilitating email system security.

Challenges of Deploying and Utilizing Encryption

Some of the challenges that can be encountered by the accounting firm when deploying and utilizing cloud encryption may fall in their mismanagement and control of the encryption keys. When firms fail to account for their usage of the encryption keys, they create an opportunity for third-parties to gain access without encountering any significant challenges (Singh et al., 2017). Since managing encryption keys is costly, the accounting firm may opt to cut costs by minimizing the workforce expected to oversee the management of data encryption. Besides, the firm may experience various difficulties in integrating the selected encryption method with its cloud-based systems. However, assigning a dedicated workforce to oversee the implementation of the encryption process will address the primary problems experienced by the accounting firm.

Case Studies

In March, 2020, a third-party gained access to T-Mobile’s employee and customer accounts where the attacker used the information to pursue their selfish interests. Some of the compromised data included Social Security numbers, financial account information, and government identification numbers among other data sets. In November 2019, the telecommunication giant suffered another data breach that compromised its user information, demonstrating a growing inefficiency to utilize data encryption methods (Munsch&Munsch, 2021). In this case, the security breach would have been avoided by strengthening the firm’s email and data storage to limited external access into its system.


Encryption allows corporations to protecting data by limiting unauthorized access from third-parties into their information systems. Symmetric encryption allows firms to encrypt their data at rest while TLS and S/MIME introduce extra protection for data on transit. Regardless of the system adopted by the accounting firm, it should embrace both encryption methods to enhance its overall security and protection of its stored information and the data exchanged between the firm and its clients.




Li, J., Huang, Y., Wei, Y., Lv, S., Liu, Z., Dong, C., & Lou, W. (2019). Searchable symmetric encryption with forward search privacy. IEEE Transactions on Dependable and Secure Computing.

Munsch PhD, A., &Munsch MBA, P. (2021). The Future of API (Application Programming Interface) Security: The Adoption of APIs for Digital Communications and the Implications for Cyber Security Vulnerabilities. Journal of International Technology and Information Management29(3), 24-45.

Singh, S., Sharma, P. K., Moon, S. Y., & Park, J. H. (2017). Advanced lightweight encryption algorithms for IoT devices: survey, challenges and solutions. Journal of Ambient Intelligence and Humanized Computing, 1-18.



Looking for help with your homework?
Grab a 30% Discount and Get your paper done!

30% OFF
Turnitin Report
Title Page
Place an Order

Cite this Page

Security and Encryption Policies . (2021, November 10). The Studypool . Retrieved July 19, 2024, from
“ Security and Encryption Policies .” The Studypool , 10 Nov. 2021,
Security and Encryption Policies . [online]. Available at: <> [Accessed 19 Jul. 2024].
Security and Encryption Policies [Internet]. The Studypool . 2021 Nov 10 [cited 2024 Jul 19]. Available from:
Grab A 14% Discount on This Paper
Pages (550 words)
Approximate price: -