With the widespread adoption of cloud computing, keeping sensitive information secure from vulnerability isn’t easy.
Digital communication is the backbone of organisations. But in this time of remote or hybrid working environments, when businesses stay in touch with colleagues and clients across channels, new security risks have emerged.
Digital transformation has increased the supply of data moving. While every organisation must comply with data protection acts and, with that, safely maintain all registered company information, organisations are constantly adopting new digital services that can leave businesses open to attack and infiltration. There are numerous cases of major banks, insurance firms, and energy companies being attacked by hackers due to weak security and vulnerable communication channels.
Data breaches happen on an almost daily basis, exposing email addresses, passwords, credit card numbers, social security numbers and other highly sensitive data.
In 2017, the credit reporting agency Equifax announced that hackers gained access to sensitive personal data of up to 143 million Americans, a significant cybersecurity breach at a firm that serves as one of the three major clearinghouses for Americans’ credit histories.
In 2020, with over 600 million users, Sina Weibo, one of China’s largest social media platforms, announced that an attacker obtained part of its database, impacting 538 million Weibo users and their personal details, including real names, site usernames, gender, location, and phone numbers.
In June 2020, LinkedIn saw data associated with 700 million users posted on a dark web forum, impacting more than 90 per cent of its user base. The hacker used data scraping techniques by exploiting the site’s (and others’) APIs before dumping an information data set of around 500 million customers.
Some of the biggest organisations have become or are susceptible to data breaches. Figuring out how to secure digital communications is crucial for businesses to prevent compromise and exploitation of insider information. Evidently, hackers don’t care how big or small a business is, they want data. Some hackers only target large corporations, but many target small businesses because they know security is weaker.
To make sure you don’t end up falling prey to the next significant data breach, here’s what you should be doing to secure digital communications:
Encrypting and securing all customer support emails seems unnecessary but accidental disclosure of sensitive data can happen. Take remote connections as an example. Emails sent and received from unsecured networks can pose a security risk. An employee connected to an unsecured airport wi-fi could have his emails intercepted by a cybercriminal with relative ease.
So how do you secure your communications? The best call for action is end-to-end encryption. In short, it allows you to impart your messages with a digital lock, and only those with the key can open them.
If your business is bound by compliance rules like PCI or HIPAA, you can’t send certain emails unencrypted. A third-party email encryption service is a good solution as well. It scans your data before sending.
Also, with the ongoing pandemic, video conferencing is a standard way for remote and overseas teams to communicate. With so much focus on improving the quality and outcome of conferences, there’s been little focus on security. However, encrypting and securing your video conferences is vital.
Video conferencing signals have been using AES encryption for a long time, and it’s not easy to hack. However, if you’re not careful with your call-in settings, you could end up with your sensitive data being compromised. Security expert HD Moore gained unauthorised entry into the boardroom meetings of high-profile corporations that used expensive, high-definition conferencing units, not web-based solutions like Skype and Slack. However, web-based applications can be equally insecure. Moore’s ability to take control of the camera proves that without changing some specific security settings, people can join your conference undetected.
To truly secure business communications, organisations must incorporate applications that support end-to-end encryption. That means encrypted chat applications, VoIP phone systems, video conferencing programs, file-sharing platforms – the entirety of communication platforms. The IT team must configure a gatekeeper to connect calls that come in outside of your firewall.
This is where brands like Vonage come in. They conduct periodic security audits, identify vulnerabilities, and use firewalls and logical access control to protect servers from unauthorised system access. Ensuring failovers exist at several levels to maximise uptime and taking regular offsite backups of essential data to ensure business continuity.
After the cybersecurity team carries out a risk assessment, enterprises need to have a clear set of communication security policies to understand the potential risks better. These will include which types of content can be sent and viewed and by whom. They’ll also need to encompass other areas, such as system and network management, digital asset management and vulnerability management. Security policies have to account for human fallibility so that something as simple as a group video chat doesn’t turn into a security risk.
Many times organisations have no knowledge of how much data classified as confidential is sent outside of the company by email and whether the information is secured at an adequate level. Therefore, data loss prevention (DLP) must be a top priority for organisations to protect data and meet compliance requirements.
And, while there are thousands of threat vectors – from devices to file sharing applications to physical security – email is the one security leaders are most concerned about protecting. DLP, especially with remote or hybrid working environments, can protect against insider threats, data exfiltration, and the all-too-common acts of unintentional data loss, for example, a misdirected email or miss attached file. Also, ensure that there is a monitoring system that alerts the enforcement team to unauthorised app usage, failed attempts to gain access, etc.
Training staff is key
Hosting regular training to spread awareness of the threats that can attack communication channels is as important as advanced security tools to encrypt messages. Training can cover everything — from wi-fi security to VPN tunnelling, as well as how to spot malicious communications. Best practices of communication security include not sharing sensitive information through email, regularly changing the passwords for different accounts, using multi-factor or two-factor authentication to access data, scanning and otherwise screening messages for malicious attachments or suspicious behaviour and separating business and personal communication channels from both work and personal devices.
It is essential to know how to accommodate the solution to the needs of the business. First, define possible security holes and identify the threat. After that, the organisation can ponder how to respond to these challenges. It might seem like a mammoth task, but well-enforced, simple measures can do a lot to secure digital communications.