How Secure Are Your Email, WAN and Chat Solutions?

Thank you Ivan Schepers from MWare for this great article which highlights the security challenges companies face in their key communication channels.

The recent cyber-attack on retail giant Dis-Chem, coming barely two months after a similar attack on credit union Trans Union, has once again thrown the spotlight firmly on the critical importance of data security.

?In Dis-Chem’s case, their customer data was looked after by a third-party service provider, and the attack exposed the names, email addresses and cell phone numbers of over three and a half million customers.

?To date, Dis-Chem says there is no indication that this information has been misused, but there is obviously no guarantee that this will remain the case.

?As a precaution, the company is advising its customers to:

• Refrain from clicking on any suspicious links they may receive in emails.
• Refrain from disclosing any passwords or Personal Identification Numbers via e-mail, text or social media.
• Change their passwords.
• Perform regular anti-virus and malware scans and ensure software is up to date.
• Only provide personal information when there is a legitimate reason to do so.

This is good advice for anyone with any kind of online presence, but it’s a stark reminder of how vulnerable our sensitive information is, and how - despite POPI and GDPR regulations - we can’t actually rely on anyone other than ourselves to keep it safe.

Of course, the Dis-Chem attack is just the latest in a worryingly long line of global incidents, and organisations are asking themselves what more they can do to keep their own - and their clients’ - information safe.

Encryption is one of the most effective ways to protect your data. This is the method by which information is converted into secret code that hides its true meaning.

It might surprise you to know the practice has actually been in use since long before the digital era. In fact, we can trace encryption practices as far back as 1 900 BC, when Egyptian scribes used non-standard hieroglyphs to hide the meaning of an inscription.

In 700 BC, the Spartans wrote sensitive messages on strips of leather wrapped around sticks. When the tape was unwound, the characters became meaningless, but with a stick of the same diameter, the recipient could recreate (decipher) the message.

Later, the Romans used what's known as the Caesar Shift Cipher, a mono-alphabetic cipher in which each letter is shifted by an agreed number.

The science of encrypting and decrypting information is called cryptography, and in recent times, it’s been used almost exclusively by governments and large enterprises. It was only in the late 1970s when the Diffie-Hellman key exchange and RSA algorithms were first published, and the first PCs were introduced, that encryption became more widely practiced.

In 1976, Whitfield Diffie and Martin Hellman's paper, "New Directions in Cryptography," solved one of the fundamental problems of cryptography: how to securely distribute encryption keys to those who need it. This breakthrough was followed shortly afterward by RSA, an implementation of public key cryptography using asymmetric algorithms, which ushered in a new era of encryption.

By the mid-1990s, both public key and private key encryption algorithms were being routinely deployed in web browsers and servers to protect sensitive data.

So, how does encryption actually work?

To be effective, a cipher includes a variable as part of the algorithm. The variable is called a key and it is what makes a cipher's output unique. When an encrypted message is intercepted by an unauthorised entity, the intruder must guess which cipher the sender used to encrypt the message, as well as what keys were used as variables. The time required, and the difficulty of guessing this information, is what makes encryption such a valuable security tool.

Today, encryption is used to protect data stored on computers and storage devices, as well as data in transit over networks.

There’s no doubt the three areas most vulnerable to a security breach are email, our server network, and chat, such as WhatsApp.

Email

Dr Catherine J. Ullman, Senior Information Security Analyst at the University of Buffalo in New York, says that, "Although you need credentials to log in and access the e-mail in your mailbox, email is by default sent from server to server in clear text that can be read by anyone while in transit.”

This is worrying enough, but there are additional areas of concern as well. When you send an email, you don't know how many networks or servers the message will pass through on its way to the recipient, or who has access to it en route. In addition, email sitting on your device may be accessible to a third party - and don't forget the common error of emailing a message to the wrong recipient!

Networks

How secure is your business? You only have to read the news to know our networks are under constant attack. How can we secure our network level traffic? ?Can we make our network invisible? These are common yet critical questions every business must answer.

According to a Verizon report on ransomware, social engineering and phishing, small and medium-sized businesses (SMBs) are a major targets for cyber-attacks. In fact, 43% of all data breaches occur in small businesses.

The reason for this is clear:

SMBs are lucrative and interesting targets because they either aren’t as concerned about information security, or they simply don’t have the budget to adequately protect themselves.

One of the best ways to protect your business network is with end-to-end encryption (E2EE). This is a system of communication where only the communicating users can read the messages. It is intended to prevent data being read or secretly modified by anyone other than the true sender and recipient(s).

In principle, it prevents potential eavesdroppers - including telecom providers, internet service providers, and even the provider of the communication service - from accessing the cryptographic keys needed to decrypt the conversation.

Chat

Let's face it, we all have personal or business information shared in "unsecured" messaging platforms like WhatsApp or Facebook Messenger. The problem is, communication happens on the device where it was sent, so if there is a vulnerability, it can be breached directly on the device.

So what can we do? The answer is encrypted chat.

An encrypted chat cannot be read or manipulated by anyone except the person on the other end. This means no one can know who you are, where you are, how you are connected to the network, or what you are saying.

So, how can we make our digital information and communications more secure? Here are some suggestions from automated business solutions specialists, MWare:

Email

To protect personal and business emails, an automatic encryption solution, such as SecureEMAIL with end-to-end encrypted mail, offers benefits including:

• Reduced risk of unauthorised access to confidential email communications.
• Own your own data - only the sender and receiver have the keys to decrypt the email and attachments.
• Secure communications with 3rd parties - even when using public or free email service providers.
• Seamless integration - encrypt with just one click

Network

Protect your Wide Area Network (WAN) from external threats using a WAN encryption solution like StealthWAN. It also encrypts all communications between your head office, branches, and Internet of Things (IoT) devices.

Benefits of this kind of encryption include:

• Reduced costs – utilising the Internet as a secure transport layer greatly reduces the cost of legacy network infrastructure.
• Improved uptime – seamless network failover between multiple connectivity media.
• Seamless deployment that can be automated with provisioning capability.
• Compliance.

Chat

For secure, real-time communications on social media applications, solutions such as , SecuriCHAT mean all conversations are secured through local hosting and data sovereign capabilities. ?

Benefits include:

• Full log functionality of activities on the system.
• Privileged audit capabilities to review message and attachment content.
• Payloads are sent securely through the platform

The data and devices that make up your business are constantly changing. You may have changed your tactics to protect yourself, but never forget that cybercriminals have changed their methods, too. They are always improving, evolving, and adapting, and are always ready for an opportunity to try and break in and steal your data.

It’s critical to constantly monitor your cyber defences.

If you’re concerned about safeguarding your information from hackers, identity thieves and foreign governments, you can call MWare on 082?824 7068 or visit them at www.mware.co.za.