The importance of secure communication in the workplace

Wire's Alan Duric on the necessity of end-to-end encryption

Earlier this summer, we saw the worst ransomware outbreak in history, in the form of WannaCry. According to Cyence, a cyber risk modelling firm, global revenue losses are purported to be in the region of $4 billion. Players of all sizes in the public and private sector were affected, with patient records and financial datasets being exploited.

Figures suggest that cyberattacks of this nature will only become more rampant; the consequences of which will make businesses 'wanna' cry'. Juniper Research predicted that 2.8 billion customer data records will be stolen by the end of this year alone; a figure that is expected to triple within five years, amounting to $8 trillion' worth of financial losses.

Despite such staggering projections, businesses are frequently failing to address the issues. In fact, only 42 per cent of SMBs are concerned about ransomware, and over a quarter of small business personnel lack cyber training. SMBs are falling short on their cybersecurity strategies, and leaving themselves wide open to risk.

This emerging paradigm has wider implications than just monetary loss. Increasingly stringent rules and regulations like the GDPR, which will be implemented in May 2018, mean that enterprises will have a far greater obligation to protect both internal and external data. Failure to do so will result in hefty fines and loss of public trust. However, there are certain measures a business can take to safeguard themselves, their customers and their revenue. One of the most important of these is secure communication.

Against a backdrop of ever-increasing digital risks, secure business communication has become essential. This has propelled demand for platforms that offer end-to-end encryption (E2EE). More data is shared within organisations over communications platforms than ever before, which has opened a new arena of complications with regards to data breaches, an arena within which only E2EE can do battle.

E2EE provides another layer of protection as keys are only stored on each user's device, one at each end of the conversation, and only these keys can unlock the contents of the message. New keys are generated for any communication at both ends (each device), so should someone gain access to one message, they will not be able to see to all future communications. This approach ensures all communications are kept private and secure, dramatically reducing risk.

There are a number of key drivers for E2EE from businesses:

However, using an E2EE communications tool shouldn't mean sacrificing essential business functions, such as secure file and screen sharing and video calls. Fortunately, there are now solutions available that combine the security benefits of E2EE with a non-technical user interface and the tools businesses rely on.

The need for E2EE is further compounded by the GDPR, which will require companies to implement greater levels of protection to their customer data. Securing communication streams is integral to this. Enterprises that breach GDPR are playing with fire, not only with their reputation, but financially. Fines amounting up to 4 per cent of global turnover could be administered to firms who do not adequately protect their interests, a penalty which could mean huge financial repercussions for companies not playing ball.

There's no denying that the high level of security offered by E2EE platforms is needed to ensure that data is protected sufficiently. This demand is particularly elevated when we look at the pace of technological advancement, and the various complications that come with it. For example, we're likely to soon witness a need for E2EE for the Internet of Things - to manage management of self-driving cars and other remote devices.

Whilst secure communication will fortify a firm's cyber defences, businesses need to think carefully about how safe and, more importantly, how reputable a secure communications platform is before implementing it in a business model. Just this month, Lookout Security Intelligence discovered malware hidden in a messaging app called SonicSpy: malware under the guise of an enterprise communications platform for workers who travel abroad, available on Google Play - a trusted app store.

This incident exemplifies a wider issue revolving around how companies prioritise cybersecurity within the workplace, as it indicates that companies do not have sufficient awareness over the applications that are being used on their employees' devices. The boundaries between personal and business communication are blurring at an increasing velocity, meaning that unsafe and unsecure applications have become rife within workplaces, which carries huge risks. Apps like SonicSpy can open businesses up to threats, surveillance and extortion, and the onus is on business decision makers to implement policies to protect themselves, and promote apps that are suited for both business and personal use.

Data breaches on the scale of WannaCry can be avoided. Moving forward, we're likely to see more sophisticated cyberattacks being deployed by criminals to invade our privacy, but secure communication is the frontline of defence. In the coming years, E2EE will become crucial for enterprises so they can protect their assets adequately and meet regulatory standards. But ultimately it's about the people within that enterprise. More people are worried about privacy and security - over 80 per cent more than last year - which means employees need to be reassured that their workplace is taking measures to protect their data. For companies and workers alike, E2EE could not come at a better time.

Alan Duric is a co-founder of Wire, and serves as its CEO. He was an early pioneer of VoIP, and has founded multiple other initiatives such as Telio Holding ASA, now NextGenTel Holding ASA.