Although awareness of email and SMS vulnerabilities continues to rise, risks remain prevalent among businesses of all sizes. From advanced email phishing threats to SMS phishing, known as “smishing,” these two forms of cybercrime are responsible for almost 90 percent of all cyberattacks. For less than $50, a hacker can purchase a phishing kit on the dark web and disseminate malicious emails to thousands of inboxes until just one person takes the bait – giving the hacker access to confidential communications and data containing sensitive information. Smishing, which uses SMS to achieve the same objectives, has increased in frequency exponentially in recent years. In Q2 2017 alone, Kaspersky Labs identified a 300 percent increase in smishing attacks.
Attempts such as these are not the only factor prompting organizations to reevaluate their reliance on email and other digital communication channels, as external adversaries can also access communications while in transmission. Just recently, the Electronic Frontier Foundation (EFF) reported that emails sent using some of the most common encryption standards could be easily intercepted, decrypted and hacked.
The Adoption of Consumer-Based Secure Messaging Apps Skyrockets
Such risks have prompted many businesses to turn to popular consumer-oriented messaging applications such as WhatsApp, Telegram and Signal, among others. Additionally, employees at companies that have not issued such a directive have in some instances taken it upon themselves to download and use these apps. The apps are appealing because they offer both end-to-end encryption and ephemerality, and users have a preconception that such technology can provide some of the security that email and SMS cannot, ultimately protecting both senders and recipients from outside interference or propagation.
With end-to-end encryption, messages are protected from the sender to the intended recipient, preventing certain types of cyberattacks during transmission. Many know these as man-in-the-middle attacks. These apps are widely recognized as less risky alternatives to email or SMS, as only approved senders that are “members” or who download the app are granted access to send messages.
In addition, the ephemeral component of secure messaging apps means that messages and other media shared between mobile devices will automatically disappear once they have been initially viewed by a recipient. Many assume that this means that information cannot be saved, shared, stored or otherwise forwarded by a recipient to others. This is where the security paradigm breaks.
Consumer Messaging Apps: A False Sense of Security for Business
Unfortunately, since consumer-grade messaging applications weren’t initially designed with the intent of organizational use, they are not adequately equipped to provide the security required for business. Although end-to-end encryption protects against outside monitoring when messages are in transit, consumer-grade messaging applications provide no protection against someone screenshotting, sharing or forwarding a message to an unintended recipient. This means that once a message is received, it can be leaked with relative ease. The fact of the matter is that encryption, in and of itself, only goes so far to keep communications protected.
A More Secure & Comprehensive Communication Channel for Business Users
For businesses that depend on digital communications, crave the convenience of messaging, but also demand the highest level of security, there are enterprise-grade secure messaging platforms that offer much more than just encryption and ephemerality.
A feature exclusive to enterprise-grade secure messaging platforms is that the sender maintains complete control of the conversation, the data shared and its use at all times. Beyond protecting data while in transit, this means that the sender can instantaneously remove a message from a conversation even after it has been sent. Messages cannot be shared or leaked to an unintended recipient again. Additionally, certain secure communication platforms offer compliant ephemerality, meaning that messages automatically expire from devices while also ensuring a single copy of communications is archived for compliance and legal mandates.
Enterprise-grade secure messaging is also an ideal solution for managing crisis and incident response situations, as communicating with your employees, stakeholders, and sometimes even customers can be critical to success. The last thing an organization needs during a crisis is for information to be leaked to the media or to a competitor, so having complete control over communications is imperative.
With the additional benefits offered by enterprise-grade secure messaging platforms, it’s hard to understand why businesses still rely on highly vulnerable digital communication methods such as email or standard SMS text. To truly limit risk, both of which could be detrimental to an organization’s livelihood and reputation, businesses need to reevaluate their communication tools and consider solutions that go beyond encryption.
Written by Galina Datskovsky
Dr. Galina Datskovsky, CRM, FAI and serial entrepreneur is an internationally recognized privacy, compliance and security expert. Galina is the CEO of Vaporstream, a leading provider of secure, ephemeral and compliant messaging.
Originally posted on Techopedia on December 5, 2018 by Dr. Galina Datskovsky.
*** This is a Security Bloggers Network syndicated blog from Vaporstream authored by Galina Datskovsky. Read the original post at: https://www.vaporstream.com/blog/secure-messaging-beyond-encryption/