In the summer of 2017, we witnessed the WannaCry attack, the worst ransomware outbreak in history. According to a Reuters report, global revenue losses from the attack were estimated to be as high as $53 billion. Businesses of all sizes in both the private and public sectors were affected by the event, with financial datasets and patient records being especially at risk. It is expected that with advances in data network capabilities and the adoption of collaboration and corporate communication software, this type of cyberattack will only become more common and difficult to contain.
Despite such a major wake-up call, few businesses have addressed the underlying issues. Very few small and medium-sized businesses are putting in place measures to combat ransomware, and many lack personnel trained in cybersecurity.
However, there are four main reasons why secure communication is important for business:
- To protect customer data
- To protect your intellectual property
- To shield internal communication
- To comply with governmental regulations
If your communications are to be secure against such hacks, then your infrastructure needs to be modeled around the two main features below:
Secure Authentication and Authorization
If your organization is looking to implement password-protected communications through your website or collaboration apps, you have probably already come across the terms authentication and authorization. Although many people use them interchangeably, they are in fact very different.
Both authentication and authorization have vital roles to play in ensuring secure communication between users in your organization. They first confirm the identities of the communicating parties and then grant different access levels to an application.
- Authentication: Put simply, this is the process that confirms the identity of a user, traditionally by having them supply a username and password. The effectiveness of this system relies on only the user and the communication app’s server knowing the password. The authentication process compares the credentials entered by the user with those stored in its database; if matching credentials are found, authentication is complete.
- Authorization: Once the user is authenticated, an authorization process will then determine the permissions granted. These permissions will govern what a user can see or do within the application, who they can communicate with, and what they can do when signed in.
A study by leading antivirus developer Kaspersky established that 52% of businesses consider employees as the biggest weakness for their cybersecurity. This makes authorization all the more important, as a single careless action from one employee should not be enough to give an intruder unfettered access to your entire communication system.
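As an added illustration of the two steps just described (not code from the original article or from Wickr), the following Python stands up a constructed in-memory user store that holds salted PBKDF2 password hashes rather than passwords, authenticates a login with a constant-time comparison, and then consults a separate role-to-permission table before any action runs. The usernames, passwords, roles and action names are all constructed for the example, so a compromised "member" account still cannot reach the administrative actions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# Work factor for PBKDF2-HMAC-SHA256 (the OWASP-recommended floor at the time of writing).
PBKDF2_ITERATIONS = 600_000


@dataclass(frozen=True)
class User:
    username: str
    salt: bytes
    password_hash: bytes
    roles: FrozenSet[str]


# Constructed in-memory user store standing in for the server's database.
# It holds a per-user random salt and the PBKDF2 output, never the password.
USERS: Dict[str, User] = {}


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(username: str, password: str, roles) -> None:
    salt = os.urandom(16)
    USERS[username] = User(username, salt, hash_password(password, salt), frozenset(roles))


def authenticate(username: str, password: str) -> Optional[User]:
    """Step 1: confirm identity. Returns the User record on success, else None."""
    user = USERS.get(username)
    if user is None:
        # Burn the same work for unknown usernames so response time does not
        # reveal whether an account exists.
        hash_password(password, b"\x00" * 16)
        return None
    candidate = hash_password(password, user.salt)
    # Constant-time comparison of the derived hash against the stored one.
    return user if hmac.compare_digest(candidate, user.password_hash) else None


# Step 2: authorization. Each action lists the roles permitted to perform it
# (constructed roles and actions); an account holding only "member" cannot
# reach the administrative actions even if its password is compromised.
PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "read_channel": frozenset({"member", "moderator", "admin"}),
    "post_message": frozenset({"member", "moderator", "admin"}),
    "delete_message": frozenset({"moderator", "admin"}),
    "export_records": frozenset({"admin"}),
}


def is_authorized(user: User, action: str) -> bool:
    return bool(user.roles & PERMISSIONS.get(action, frozenset()))


def perform(username: str, password: str, action: str) -> str:
    """Authenticate, then authorize, then act. Both checks must pass."""
    user = authenticate(username, password)
    if user is None:
        return "denied: authentication failed"
    if not is_authorized(user, action):
        return f"denied: {username} lacks permission for {action}"
    return f"ok: {action}"


def demo() -> Dict[str, str]:
    """Register two constructed accounts and exercise both checks."""
    register("alice", "correct horse battery staple", ["member"])
    register("bob", "a-different-admin-passphrase", ["admin"])
    return {
        "member_posts": perform("alice", "correct horse battery staple", "post_message"),
        "member_exports": perform("alice", "correct horse battery staple", "export_records"),
        "admin_exports": perform("bob", "a-different-admin-passphrase", "export_records"),
        "wrong_password": perform("bob", "wrong", "export_records"),
        "unknown_user": perform("carol", "anything", "read_channel"),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The two checks are deliberately separate functions: `authenticate` answers "who is this?", `is_authorized` answers "may this identity do that?", and `perform` refuses to act unless both succeed. Keeping the permission table narrow per role is what limits the damage when one employee's credentials are phished.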
End-to-End Encryption (E2EE)
Today, organizations share more internal data over public communications networks than ever before. This has led to a whole new set of complications and opportunities for data breaches, making end-to-end encryption (E2EE) essential for secure communications.
E2EE gives you an added layer of protection, since digital keys are stored on the communicating devices at either end of a conversation, and only they can decode the contents of messages sent between users.
For any communication sent, a new key is generated at either end of the conversation to ensure that even if someone accesses one message, they cannot reuse the key to view any other messages. This feature keeps all communication private, thus dramatically reducing the security risks.
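As an added example, not code from the original article or a description of Wickr's protocol, the following Python shows the mechanism the two paragraphs above describe: a symmetric key ratchet that derives a fresh key for every message and discards the previous chain state, so a key recovered for one message opens only that message. The ratchet follows the general HMAC-chain pattern used by symmetric-ratchet designs; the cipher around it is a deliberately simple HMAC-based encrypt-then-MAC construction standing in for a vetted AEAD such as AES-GCM or ChaCha20-Poly1305, and the shared root secret is constructed here rather than produced by a real key agreement between the two devices.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

NONCE_LEN, TAG_LEN = 16, 32


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way key derivation: HMAC-SHA256 of a fixed label under `key`."""
    return hmac.new(key, label, hashlib.sha256).digest()


class SendingChain:
    """Symmetric key ratchet. Only the current chain key is kept; every call
    derives one fresh message key and then replaces the chain key, so neither
    past message keys nor past chain keys can be recomputed from device state."""

    def __init__(self, chain_key: bytes) -> None:
        self._chain_key = chain_key
        self.counter = 0

    def next_message_key(self) -> Tuple[int, bytes]:
        message_key = kdf(self._chain_key, b"message-key")
        self._chain_key = kdf(self._chain_key, b"chain-key")  # ratchet forward
        index, self.counter = self.counter, self.counter + 1
        return index, message_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC in counter mode, used here only as a didactic stream cipher."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt(message_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under keys derived from one message key."""
    enc_key, mac_key = kdf(message_key, b"enc"), kdf(message_key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(message_key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None when the tag does not verify under this key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = kdf(message_key, b"enc"), kdf(message_key, b"mac")
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def demo() -> Dict[str, object]:
    # Constructed shared secret standing in for the output of a key agreement
    # between the two devices; in a real protocol it never leaves them.
    shared_root = os.urandom(32)
    alice, bob = SendingChain(shared_root), SendingChain(shared_root)
    plaintexts = [b"first message", b"second message", b"third message"]

    sent_keys: List[bytes] = []
    blobs: List[bytes] = []
    for pt in plaintexts:
        _, key = alice.next_message_key()
        sent_keys.append(key)
        blobs.append(encrypt(key, pt))

    # Bob's chain, seeded with the same root, derives identical keys in order.
    received = [decrypt(bob.next_message_key()[1], blob) for blob in blobs]

    # Someone who obtains only the second message's key recovers only the
    # second message: the tag check fails for every other message.
    leaked_key = sent_keys[1]
    with_leaked_key = [decrypt(leaked_key, blob) for blob in blobs]

    return {
        "received": received,
        "with_leaked_key": with_leaked_key,
        "distinct_keys": len(set(sent_keys)) == len(sent_keys),
    }


if __name__ == "__main__":
    print(demo())
```

The property the text describes comes from `next_message_key`: the message key and the next chain key are both one-way derivations of the current chain key, and the current chain key is overwritten as soon as it has been used. Holding one message key therefore gives no way back to earlier keys or forward to later ones, which is what the `with_leaked_key` check confirms.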
A good example of the need to have each message generate its own encryption key is the Heartbleed bug, discovered in 2012. This attack let hackers download 64 KB of private memory from servers. By running the exploit repeatedly, hackers were able to download a large amount of sensitive user data from the servers, including email addresses, passwords, and cookies. At its peak, the Heartbleed bug left over 600 million websites and messaging platforms insecure. All of this was made possible by the hackers gaining access to a single session key.
Compliance with New Data Regulations
More and more stringent laws, rules, and regulations regarding the transmission and storage of data are being enacted by governments around the world. A good example is the EU’s General Data Protection Regulation (GDPR) that was implemented in May 2018 and which places far more obligation on enterprises to protect their internal and external data as well as secure communications.
In the span of one year after the GDPR regulations were enacted, the EU confirmed that there were nearly 90,000 data breach notifications from companies attempting to comply with the new laws and a further 145,000 complaints from concerned citizens.
Failure to comply with the regulations could see your company face hefty fines and a damaging loss of public trust: firms that do not take adequate steps to secure their data and communications can be fined as much as 4% of their global turnover, a penalty with major financial repercussions for any company that fails to play ball.
Secure Your Information and Communications Today
As more corporate communication moves to the Internet, modern businesses have been left vulnerable to attacks and infiltration. Every day, you can find news of energy companies, banks, insurance firms, and even governments falling victim to hackers as a result of weak security measures and vulnerable communications systems.
However, secure communication is no longer just a tool or service for your business; it has evolved into something far greater. It has become a kind of insurance or protection, a guardian against legal obligations and a shield from illegal activities.
Worried about the security of your corporate communications? Download Wickr and keep your communications private and secure through the highest standards of end-to-end data encryption.