对于任何公司来说,安全都是至关重要的。员工及其沟通方式是最重要的安全漏洞之一。电子邮件(Email)、通过网络发送的文件、USB 记忆(USB memory)棒或便携式硬盘驱动器上的文件,这些都是相对容易被截获的东西。这就是为什么公司或机构(company or institution)安全的最关键方面之一是如何加密数据以及如何控制对信息的访问。我们想看看最好的加密解决方案之一,它可以在本地使用,也可以远程管理。它被称为ESET EndPoint Encryption,它由两个专为加密数据而设计的软件解决方案构建而成:DESlock+,可以加密工作站上的数据的客户端应用程序,以及DESlock+ Enterprise Server,您公司的管理解决方案。(administration solution)以下是您可以使用ESET EndPoint Encryption ( DesLock+ ) 执行的一些最有用的操作:
1.加密员工发送的电子邮件
ESET Endpoint Encryption (DESlock+)为其用户提供了发送加密电子邮件的选项,借助插件自动安装在Microsoft Outlook 2003(version 2003)或更高版本中。当您想要使用Outlook发送加密邮件时,您可以选择(Outlook)DESlock+中可用的加密选项之一。
当您想要加密电子邮件时,您有三个选项:Encrypt Now!, Encrypt On Send时加密和加密并发送(Encrypt And Send)。现在Encrypt Now! Button立即加密电子邮件,Encrypt On Send会在您发送邮件时自动加密邮件,Encrypt And Send既加密又发送邮件。
在您按下其中一个加密按钮后,DESlock+会要求您选择要使用的加密密钥(encryption key),或者让您输入用作加密密钥(encryption key)的密码。
当接收者收到加密的电子邮件(email message)时,他或她可以使用DESlock+对其进行解密。即使他/她没有安装此加密工具(encryption tool),只要密码正确,他/她也可以使用名为DESlock+ Reader的免费应用程序来解密消息。
2.加密里面有敏感文件的文件夹
DESlock+包括一个工具,用于加密包含您不希望每个人都可以访问的信息的文件夹。在Windows 计算机(Windows computer)上加密文件夹很容易:右键单击该文件夹,转到DESlock+子菜单,然后按Encrypt with DESlock+。
然后,DESlock+可以使用可用的加密密钥之一来加密该文件夹。
加密文件夹所需的时间可能会有很大差异,具体取决于Windows 计算机(Windows computer)的速度以及在该文件夹中找到的文件数量。最后,您可以选择保留该文件夹的未加密副本,也可以将其完全删除。
只要DESlock+在您的 PC 上处于活动状态,您就可以不受限制地访问已加密的文件夹。但是,如果DESlock+ app停止,则无法再访问这些文件夹,因为它们会消失。
3.加密可移动驱动器(USB记忆(USB memory)棒,存储卡,便携式硬盘等)
使用DESlock+,您还可以加密可移动驱动器,例如USB 记忆(USB memory)棒、存储卡、便携式硬盘驱动器或SSD(SSDs)。您必须右键单击系统托盘(system tray)中的DESlock+ icon,选择可移动媒体(Removable Media),然后单击可移动媒体加密(Removable Media Encryption)。
然后,DESlock+打开一个向导,您可以在其中选择要加密的可移动驱动器,以及是要完全加密还是部分加密。
开始加密过程(encryption process)后,请等待它完成。如果您选择完全加密该USB 记忆(USB memory)棒(或存储卡(memory card)、便携式硬盘(HDD)等),此步骤可能需要很长时间。
如果您选择完全加密,则该存储单元(storage unit)将只能在安装了DESlock+的计算机上访问。如果您选择仅加密存储单元(storage unit)的一部分,则可以在任何 PC 上使用名为DESlock+ Go的工具对其进行解密。
4. 加密文档中的文本
使用DESlock+,您还可以加密和解密文本。如果需要,您必须从系统托盘打开(system tray)DESlock+ menu,然后转到Text Encryption -> Open。
DESlock DESlock+ Text Encryption打开后,选择包含要加密的文本的窗口,或者如果您不想完全加密,则只选择其中的一部分。然后,单击加密(Encrypt )按钮。
您还必须选择加密密钥(encryption key)(或加密密码(encryption password),如果您愿意),之后整个选定文本(或窗口中的所有文本)都将被加密,如下所示:
为了能够解密该文本,您需要提供正确的加密密钥(encryption key)或正确的密码。
5. 加密整个分区或存储单元(硬盘驱动器、SSD(SSDs)等)
DESlock+可以加密整个硬盘驱动器、固态驱动器或分区。使用DESlock+ Enterprise Server,您可以管理员工使用的所有工作站,并且可以完全加密它们。该工具可确保未经授权的人员无法访问这些工作站上的任何内容。唯一可以打开和使用工作站的用户是那些被授权这样做并拥有身份验证详细信息的用户。
这种类型的加密需要在操作系统(operating system)启动之前在工作站上进行身份验证,这意味着DESlock+不仅可以保护用户的文件,还可以保护操作系统(operating system)文件、交换文件、临时文件以及用户曾经删除但可能被删除的任何文件。使用正确的工具恢复。
6. 配置策略
DESlock+ Enterprise Server还带有一个策略管理系统(policy administration system)。任何公司最必要的政策之一是控制对可移动驱动器的访问,例如USB 记忆(USB memory)棒。DESlock+让我们可以选择管理允许哪些用户访问便携式驱动器,完全、从不或仅部分访问,例如仅在加密时。
在DESlock+ Enterprise Server web用户(Users)”和“工作站(Workstations)”部分中的可用选项轻松创建此类策略。
7.在工作站上远程安装DESlock+
DESlock+ Enterprise Server管理员可以使用DESlock+ Enterprise Server在他们管理的工作站上远程安装DESlock+ client为此,要安装 DESlock+ 的客户DESlock+计算机(client computer)必须与安装DESlock+ Enterprise Server的计算机属于同一网络。
如果您无法在工作站上远程安装DESlock+ client,还可以选择使用DESlock+ Enterprise ServerMSI 文件(MSI file),然后您可以在工作站上手动安装该文件。
8.符合GDPR的(GDPR)数据保护(Data protection)
欧洲已通过严格的个人数据保护规则执行其通用数据保护条例 (GDPR) 。(General Data Protection Regulation (GDPR))GDPR还详细说明了可以针对数据泄露采取的预防措施,被认为适合在企业和机构中实施。其中一项建议涉及数据加密。
DESlock的加密使公司能够履行其GDPR义务,以保护其数据和应用加密策略,同时保持高生产力。ESET的DESlock 加密(DESlock Encryption)还解决了有关适用性的最大挑战之一:用户如何尽可能轻松地共享他们需要使用的所有加密数据?易于猜测的密码是潜在的安全风险(security risk),而使用公共加密密钥进行加密可能会导致问题,尤其是在人员流动率高的大型团队中。使用集中管理的加密密钥可以避免这些问题,反映了一种更自然的解决方案,类似于我们用来阻止访问汽车或房屋的物理密钥。您可以在此处(here)了解有关ESET EndPoint Encryption ( DesLock+ ) 在GDPR 合规性(GDPR compliance)方面的适用性的更多信息。
您如何看待ESET EndPoint 加密(ESET EndPoint Encryption)( DesLock+ )?
现在您知道了可以使用ESET EndPoint Encryption ( DesLock+ ) 执行的操作。我们相信这个平台可以显着提高您所在公司的安全性。在结束本文之前,我们想在下面的评论部分中了解您对它必须提供的功能的看法。
8 things you can do with ESET EndPoint Encryption (DESlock+)
For any company, security іs crucial. Employees and the way they communicate represent one of the most signifіcant security holes. Email mеssages, fileѕ sent through the network, on USB memory sticks or portable hard drives, theѕe are all things that can be intercepted relatively easily. That is why one of the most critical aspects for the security оf a company or institution іs how the data is еncrypted and how the access to information is controlled. We would like to take a look at one of the best encryption solutions, thаt can bе used lоcally but also managed rеmotely. Іt is called ESET EndPoіnt Εncryption, and it is buіlt from two software solutions designed for encrypting data: DESlock+, a client app that can encrypt data on wоrkstations, and DESlock+ Enterprise Server, thе administration solution for your company. Here are a few of the most useful things you can do with ESET EndPoint Encryption (DesLock+):
1. Encrypting the email messages sent by employees
ESET Endpoint Encryption (DESlock+) offers its users the option to send encrypted email messages, with the help of a plugin that installs automatically in Microsoft Outlook, version 2003 or newer. When you want to send an encrypted message, with Outlook, you can choose one of the encryption options available in DESlock+.
When you want to encrypt an email message, you have three options: Encrypt Now!, Encrypt On Send and Encrypt And Send. The Encrypt Now! Button encrypts the email message immediately, Encrypt On Send automatically encrypts the message when you send it, and Encrypt And Send both encrypts and sends the message.
After you have pressed one of the encryption buttons, DESlock+ asks you to choose the encryption key that you want to use, or it lets you enter a password that is used as an encryption key.
When the receiver gets the encrypted email message, he or she can use DESlock+ to decrypt it. Even if he/she does not have this encryption tool installed, he/she can use the free app called DESlock+ Reader to decrypt the message, as long as the password is right.
2. Encrypting folders that have sensitive files inside
DESlock+ includes a tool for encrypting the folders that contain information to which you do not want everybody to have access. Encrypting a folder on a Windows computer is easy: right-click on that folder, go to the DESlock+ submenu and press Encrypt with DESlock+.
Then, DESlock+ can use one of the available encryption keys to encrypt that folder.
The time needed to encrypt the folder can vary a lot depending on how fast your Windows computer is and how many files are found in that folder. In the end, you can choose to keep an unencrypted copy of that folder, or you can completely remove it.
As long as DESlock+ is active on your PC, you have unrestricted access to the folders you have encrypted. However, if the DESlock+ app is stopped, those folders can no longer be accessed, as they disappear.
3. Encrypting removable drives (USB memory sticks, memory cards, portable hard drives, etc.)
With DESlock+ you can also encrypt removable drives such as USB memory sticks, memory cards, portable hard drives or SSDs. You have to right-click on the DESlock+ icon from the system tray, choose Removable Media and then click Removable Media Encryption.
Then, DESlock+ opens a wizard in which you can choose what removable drive you want to encrypt, as well as whether you want to encrypt it entirely or partially.
Once you have started the encryption process, wait for it to finish. If you chose to completely encrypt that USB memory stick (or memory card, portable HDD, etc.), this step can take a long time.
If you chose the full encryption, that storage unit is going to be accessible only on computers that also have DESlock+ installed. If you choose to encrypt only a part of the storage unit, it can be decrypted on any PC, with the help of a tool called DESlock+ Go.
4. Encrypting text in documents
With DESlock+ you can also encrypt and decrypt text. If you want that, you have to open the DESlock+ menu from the system tray and go to Text Encryption -> Open.
Once the DESlock+ Text Encryption opens, select the window that contains the text which you want to encrypt, or select just a part of it, if you do not want to encrypt it entirely. Then, click the Encrypt button.
You must also choose the encryption key (or the encryption password if you prefer), after which the whole selected text (or all the text in the window) is encrypted and looks like this:
To be able to decrypt that text, you need to supply the right encryption key or the right password.
5. Encrypting whole partitions or storage units (hard drives, SSDs, etc.)
DESlock+ can encrypt entire hard drives, solid state drives or partitions. With DESlock+ Enterprise Server, you can manage all the workstations used by the employees, and you can completely encrypt them. This tool assures you that nothing on those workstations can be accessed by unauthorized personnel. The only users that can turn on and use the workstations are those authorized to do so and have the authentication details.
This type of encryption requires the authentication on the workstation before the operating system boots, which means that DESlock+ protects not only the user's files but also the operating system files, the swap files, temporary files and any files that the user once deleted but could be recovered using the right tools.
6. Configuring policies
DESlock+ Enterprise Server also comes with a policy administration system. One of the most necessary policies in any company is that which controls the access to removable drives, such as USB memory sticks. DESlock+ gives us the option to manage which users are allowed to access portable drives, completely, never or just partially, like only when they are encrypted, for instance.
In the DESlock+ Enterprise Server web interface, administrators can create such policies with ease, using the options available in the Users and Workstations sections.
7. Remote installation of DESlock+ on workstations
DESlock+ Enterprise Server can be used by administrators to remotely install managed versions of the DESlock+ client on the workstations that they manage. To be able to do this, the client computer on which DESlock+ is going to be installed must be a part of the same network as the computer on which DESlock+ Enterprise Server is installed.
If you cannot install the DESlock+ client remotely on the workstations, there is also the option to generate an MSI file using DESlock+ Enterprise Server, which you can then manually install on the workstations.
8. Data protection that is compliant with GDPR
Europe has enforced its General Data Protection Regulation (GDPR) with strict rules for protecting personal data. GDPR also details the prevention measures that can be taken for data leaks, considered to be suitable for implementation in businesses and institutions. One of the recommendations involves data encryption.
The encryption with DESlock allows companies to meet their GDPR obligations for securing their data and applying encryption policies while maintaining high productivity. DESlock Encryption by ESET also solves one of the biggest challenges regarding applicability: how can users share all the encrypted data that they need to work with, as easily as possible? Easy-to-guess passwords are a potential security risk, while encryption with public encryption keys may cause problems, especially in large teams, with a high degree of personnel turnover. Using encryption keys that are managed centrally avoids these issues, reflecting a more natural solution, similar to the physical keys that we use to block access to a car or a house. You can learn more about the applicability of ESET EndPoint Encryption (DesLock+) concerning GDPR compliance, here.
What do you think of ESET EndPoint Encryption (DesLock+)?
Now you know the things you can do with ESET EndPoint Encryption (DesLock+). We believe that this platform could significantly improve security at the company you work at. Before closing this article, we would like to know your opinion about the features that it has to offer, in the comments section below.