You know email isn’t secure. Let’s do something about it.
Every week there is a new data breach, a company gets hacked, or emails that shouldn’t be public become public. With computer security on everyone’s minds, one of the easiest ways to protect your company’s data and intellectual property (IP) is secure messaging. Here are seven reasons why you and your team should start using secure communications today.
1) Why isn’t email secure?
We’ve come a long way since the early days of email, but email is about as secure as a postcard. When you mail a postcard, anyone can read what’s written on the back. For all intents and purposes, email isn’t much different. Here’s why: most email providers like Gmail, Outlook.com, and Office365 encrypt emails between your device and the server, but emails are stored on the server unencrypted as plain text. This means anyone with access to the server can read your emails.
You have to assume that anything you email someone could be read by someone else—without you even knowing it. When it comes to protecting privacy and information, the bottom line is email is not secure.
2) What privacy laws impact secure messaging?
Privacy regulations like GDPR (Europe) and HIPAA (U.S.) require you to protect people’s private information. For HIPAA especially, the only way to follow the rules is to use end-to-end encryption (E2EE) for messaging.
E2EE means that when you send a message to someone, the message stays encrypted until the other person opens it. The essential security property of an app that uses end-to-end encryption is that only the person you sent the message to, and no one else, can decrypt it. SKY ECC uses 521-bit elliptic-curve cryptography to protect all messages sent, ensuring that only the sender and receiver can read messages.
While the message makes its way across the internet, the message can’t be read by anyone else—not even the company running the service. End-to-end encryption is essential for true privacy and security. The only people who should be able to read your message are the people you sent it to.
With SKY ECC each user has a unique cryptographic signature, so when you write a message to that person, or several people, the message is encrypted based on that user’s unique key. SKY ECC’s main security feature is the use of 521-bit keys and our proprietary elliptic-curve cryptography algorithm. Even if you’re only communicating with your team, if you’re talking about sensitive topics or sharing client information, you need to make sure the only people reading the message are the people who should be reading it.
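An added JavaScript (Node.js) example, not SKY ECC’s code, of the end-to-end property described above: a message sealed to the recipient’s public key can be opened on the recipient’s device but not by the server that relays and stores it. Because the page calls SKY ECC’s algorithm proprietary and does not describe it, the example assumes standard building blocks instead (ECDH on the NIST P-521 curve, HKDF-SHA256, AES-256-GCM); all function names and the sample message are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const CURVE = 'secp521r1'; // NIST P-521, a standard 521-bit curve (assumed stand-in)

// Each user generates a key pair on their own device; only the public half is shared.
function newIdentity() {
  const ecdh = crypto.createECDH(CURVE);
  ecdh.generateKeys();
  return ecdh;
}

// Turn the raw ECDH shared secret into a 256-bit AES key with HKDF-SHA256.
function deriveKey(sharedSecret, ephPub) {
  return Buffer.from(crypto.hkdfSync('sha256', sharedSecret, ephPub, 'e2ee-demo', 32));
}

// Sender side: a fresh ephemeral key pair per message, then AES-256-GCM.
function seal(recipientPub, plaintext) {
  const eph = crypto.createECDH(CURVE);
  const ephPub = eph.generateKeys();
  const key = deriveKey(eph.computeSecret(recipientPub), ephPub);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { ephPub, iv, ct, tag: cipher.getAuthTag() }; // all the server ever stores
}

// Recipient side: only the holder of the matching private key derives the same AES key.
function open(identity, env) {
  const key = deriveKey(identity.computeSecret(env.ephPub), env.ephPub);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ct), decipher.final()]).toString('utf8');
}

function demo() {
  const bob = newIdentity();    // recipient's device
  const server = newIdentity(); // relay: has keys of its own, but not Bob's private key
  const msg = 'Q3 contract draft attached'; // constructed sample message
  const env = seal(bob.getPublicKey(), msg);
  let serverRead = true;
  try { open(server, env); } catch { serverRead = false; } // GCM tag check fails
  return { bobReads: open(bob, env), serverRead, leaked: env.ct.includes(msg) };
}

console.log(demo());
```

This sketch provides confidentiality only. It does not authenticate the sender, which would need a signature from the sender’s own key on top of the envelope.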
If you are not confident about the security of your message in transit, chances are, you’re not protected. As more countries pass privacy laws, it will become even more critical that your electronic communication tools follow the rules around the world.
3) Why do hackers target email?
The first place hackers target is email. From malware to phishing, email is often the easiest way to hack into a company’s IT network.
Software to prevent spam, malware, and phishing emails from getting to us does a great job, but hackers are coming up with more and more clever ways to get around those filters. One increasingly common hack is getting an employee’s email, username and password, then sending phishing emails as that employee to other employees. If you usually get emails from Sue in accounting or Bill in marketing, why wouldn’t you click that link or open the document they sent? Exactly.
This is where secure messaging apps come into play. Secure messaging apps make it more difficult for hackers to get that first foothold. For most secure communications apps, it is nearly impossible to send a spam or phishing message to a lot of people at once.
Secure messaging apps use contact list security tactics which make it difficult to guess someone’s secure messaging address, so hackers can’t just send out messages guessing addresses (as is easy to do with email). Even if somehow a person is compromised by spam, the cryptographic signature for E2EE apps is based on the specific device someone is using, which makes it impossible to fake a message sent as that person from another device.
You have none of the above protections with email. It’s easy to guess company email addresses, and if you get a person’s email password, it’s easy to log into the server and send a message as them from anywhere in the world. The less you rely on email and the more your team uses secure messaging tools, the less likely email-based hacks will be successful. According to security vendor Varonis, over 70% of hacks come from spear phishing attacks.
4) How do servers impact secure messaging?
Think about how many documents you email each day. What if those documents got into the wrong hands? What damage would that cause your business? Sending documents through a secure communications app reduces the risk that your documents will fall into the wrong hands or be intercepted in transit.
Remember, when you email a document through your internal email server, the document is stored on the server without any encryption. If a hacker gets access to the server, they can get not only emails but every document anyone has ever emailed at the company.
This is a huge risk that could touch every part of your organization and beyond. Think about all the people you work with outside your company. How are you sending documents and communicating with them? How are you protecting those documents and messages? You aren’t just storing and sending documents within your company, but outside your company as well.
5) How can you securely message vendors and consultants?
Everyone works with people outside their business—lawyers, consultants, vendors, suppliers. How are you sending messages to them? Are you emailing sensitive documents? Are you emailing contracts, legal documents, financial information, and discussing strategic plans? When people think about secure messaging, often they only think about messaging inside a company, but what about everyone else? We sometimes rely on people outside our business to run our business:
- You send financial information to your accountant.
- You discuss sensitive legal matters with your lawyers.
- You talk strategies, plans, and tactics with your agency or marketing firm.
- You probably even email passwords to accounts and websites back and forth.
When you email someone outside your company you are trusting their email systems are as secure as yours. What if they’re not? How private are those private conversations now? All of this information is sensitive. All of it should be protected. All of it should be sent and received through a secure messaging app with end-to-end encryption.
6) How can secure messaging work with BYOD?
More and more companies are saving money—and increasing employee satisfaction—with Bring Your Own Device (BYOD) policies. Companies are letting their employees use their personal devices for work for two reasons:
- To save on capital costs
- To allow their employees to work more productively with a familiar device.
Companies think BYOD’s a no-brainer, but many companies don’t think about how secure personal devices are:
- How careful are your employees with their devices?
- Are they loading apps with spyware or malware?
- Are they keeping device software updated?
If you don’t think about how secure personal devices are, and take a few precautions, you could be compromising security for convenience.
We often assume the most computer-savvy employees are the safest, but here’s an interesting tidbit: even the most computer-savvy people aren’t always great at computer security. In fact, computer-savvy users are more likely to get hacked than other computer users precisely because they think they are too smart to be hacked.
What does this mean for you? Well, that new phone your employees are using might be riddled with malware and be a perfect way for hackers to get inside your network. BYOD has made things cheaper for a lot of companies, but it’s also made it easier for hackers to exploit phones and laptops that might not be as secure as a company-managed device might be. Secure messaging can’t fix or prevent all the risks of BYOD, but secure communications apps do protect work-related conversations by keeping them in their own part of the device, separate from employees’ personal activities.
For added security, companies can employ Mobile Device Management (MDM) software to remotely manage the work portion of the device—even deleting it if a phone is lost or stolen—so your company information remains protected.
Many MDM solutions let administrators know if a person’s device has been compromised so it can be isolated and prevent a hack from spreading throughout an organization—as we saw with the WannaCry ransomware epidemic. Office documents (Word, Excel, and PowerPoint) are to blame for 38% of malicious files. If you can isolate devices and files quickly, and remotely, you are more likely to stop an attack in its tracks.
7) Can secure messaging actually be made easy?
Yes, really. It’s easy to get started with secure communication apps. Most apps today are simple to download, use, and affordable to most companies. If your employees use email, text, or use other messaging apps on their phones, they can use secure messaging apps. They won’t notice a difference, except knowing their messages are secure, protected, and private.
Most experts say that the number one barrier to people using secure messaging apps has always been getting started using the app. Secure messaging apps in the past didn’t integrate well into anyone’s digital life. They were hard to set up and sometimes hard to use, with extra steps many people would forget to do.
SKY ECC makes security painless with cutting-edge features built for you. It’s quick to get started with our devices, requiring only a few taps to set up your account, and then you’re done. At SKY ECC, we believe that people need simple, user-friendly, but still extremely secure messaging and collaboration tools they will actually enjoy using.