Encryption: Beyond Good & Evil

"That which an age feels to be evil is usually an untimely echo of what was formerly considered good - the atavism of an old ideal." - Friedrich Nietzsche

Encryption is a funny thing, and one of the major cybersecurity challenges facing businesses today. For those who don't know, encryption works to keep your data private during transmission by accompanying messages or files with a set of secret keys. These keys can only be deciphered by the proper recipient, and change continuously so they cannot be cracked by even the craftiest hackers.

However, just like the quote above suggests, encryption can be considered good or evil depending on its context. Below we will look at some of the challenges surrounding encryption and what you can do to keep your business safe.

Good? Evil? Or Chaotic Neutral?
Encryption is still considered the pinnacle of digital security, although there have been efforts to circumvent its efficacy. For example, WikiLeaks revealed that the CIA had developed a method to bypass encryption on popular apps like Signal and WhatsApp. To be clear, it's not that these apps were rendered useless, but rather new \"techniques permit the CIA to bypass the encryption\" by hacking smartphones and \"collecting audio and message traffic before encryption is applied.\"

To say this another way, a hacker or intelligence agency could track your online communications by installing malware on your device - such as a key logger - which can save your keystrokes or voice before the message is encrypted and sent to your colleagues. This is very controversial since law-abiding citizens use encryption to protect themselves from digital incursion, but encryption could also be used to cloak nefarious communications.

But that's not all. Cybercriminals have also used encryption technology to develop ransomware attacks which lock a device or network from the inside. Since the key is only known to the aggressor, businesses are unable to regain access to their systems unless they pay an extortion fee (or ransom) for its release. Ransomware is a growing problem for businesses, as evidenced by the recent cyberattacks in the U.K. and attacks on healthcare facilities in the United States.

Thankfully, avoiding malware and ransomware scams is relatively straightforward:

  • Never open emails, links or attachments from suspicious or unfamiliar sources.
  • Never download third-party software from dubious websites (including 'computer cleaners' and 'flash players' from TV streaming sites).
  • Avoid unapproved applications and add-ons as malware can infect mobile devices as well.  

Even if these suggestions are crystal clear, many employees still fall for hackers' cunning tricks; which is why it is so important to educate your staff about online threats. Consider hosting regular training sessions for your in-house and remote teams.

Here's the bottom line - You need encryption to protect your data from prying eyes. Encourage your staff to only send files and communications over encrypted messengers and to only save data to encrypted storage (whether it be on-premises or cloud-based solutions).

If encryption is used against you in the form of a ransomware attack, be sure to communicate the crisis to your cyber insurance provider. CyberPolicy, for example, is happy to assist you with the financial damages caused by network downtime and data breach.

Do your best to stay safe online. But if your defenses are violated, CyberPolicy is here to help. Start with a free quote today!

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375