This article originally appeared in computing in September, 2017.
Earlier this summer, we saw the worst ransomware outbreak in history in the form of WannaCry. According to Cyence, a cyber risk modelling firm, global revenue losses are purported to be in the region of $4 billion. Players of all sizes in the public and private sector were affected, with patient records and financial datasets being exploited.
Figures suggest that cyberattacks of this nature will only become more rampant, the consequences of which will make businesses wanna’ cry. Juniper Research found that 2.8 billion customer data records are expected to have been stolen by the end of this year alone, a figure that is expected to triple within five years, amounting to $8 trillion’ worth of financial losses.
Despite such staggering projections, businesses are frequently failing to address the issues. In fact, only 42 per cent of small and medium size businesses (SMBs) are concerned about ransomware, and over a quarter of small business personnel lack cyber training. SMBs are falling short on their cybersecurity strategies, and leaving themselves wide open to risk.
Increasingly stringent rules and regulations like the upcoming EU’s General Data Protection Regulation (GDPR), which will be implemented in May 2018, mean that enterprises will have a far greater obligation to protect both internal and external data.
Failure to do so will result in hefty fines and loss of public trust. Fines amounting up to 4% of global turnover could be administered to firms who do not adequately protect their interests, a penalty which could mean huge financial repercussions for companies not playing ball.
However, there are certain measures a business can take to safeguard themselves, their customers and their revenue. One of the most important of these is secure communication.
Against a backdrop of ever-increasing digital risks, secure business communication has become essential. This has propelled demand for platforms that offer end-to-end encryption (E2EE). More data is shared within organisations over communications platforms than ever before, which has opened a new arena of complications with regards to data breaches, an arena within which only E2EE can do battle.
E2EE provides another layer of protection as keys are only stored on each user’s device, one at each end of the conversation, and only these keys can unlock the contents of the message. New keys are generated for any communication at both ends (each device) so should someone gain access to one message, they will not gain access to all future communications. This approach ensures all communications are kept private and secure, dramatically reducing risk.
Three main reasons for secure business communication:
However, using an E2EE communications tool shouldn’t mean sacrificing essential business functions, such as secure file and screen sharing and video calls. Fortunately there are now solutions available, which combine the security benefits of E2EE with a non-technical user interface and the tools businesses rely on.
Whilst secure communication will fortify a firm’s cyber defences, businesses need to think carefully about how safe and, more importantly, how reputable a secure communications platform is before implementing it into a business model. Just this month, Lookout Security Intelligence discovered malware hidden in a messaging app called SonicSpy; malware under the guise of an enterprise communications platform for workers who travel abroad, available on Google Play, a trusted app store.
This incident exemplifies a wider issue revolving around how companies prioritise cybersecurity within the workplace, as it indicates that companies do not have sufficient awareness over the applications that are being used on their employees’ devices.
The boundaries between personal and business communication are blurring at an increasing velocity, meaning that unsafe and unsecure applications have become rife within workplaces, which carries huge risks. Apps like SonicSpy can open businesses up to threats, surveillance and extortion, and the onus is on business decision makers to implement policies to protect themselves, and promote apps that are suited for both business and personal use.
Data breaches on the scale of WannaCry can be avoided. We will see more sophisticated in the future and secure communication is the frontline of defence. End-to-end encryption is crucial for enterprises to protect their assets and meet regulatory standards.
But ultimately it’s about the people within that enterprise. More people are worried about privacy and security — over 80 per cent more than last year — which means employees need to be reassured that their workplace is taking measures to protect their data.
Alan Duric, co-founder and CEO, Wire