Solution Specialist Cyber Security, Vodafone Enterprise Security
“Messages to this chat and calls are now secured with end-to-end encryption.”
This is the statement WhatsApp uses to tell us that the conversations we’re having are private. But what does it really mean? And how much attention do users really pay to these notifications about their information security?
For example, many WhatsApp users probably aren’t even aware of the recent malware Skygofree, which has been stealing WhatsApp messages and recording phone calls on people’s Android devices. WhatsApp have since patched this vulnerability, so it is crucial that you update WhatsApp to avoid falling victim to these attacks.
Encryption is all around us, from unlocking our cars with electronic key fobs, to logging onto our work computers in the office, to making card payments online. To put it simply, encryption scrambles information, or data, and makes it illegible using a mathematical operation known as an algorithm. The data can only be unscrambled using a unique code or key. This key is known only by the sender and recipient - meaning no one else can read the data, even if they should manage to get hold of it. Encryption is just one of many security methods in use today to protect our assets in a cyber world.
But onto the more interesting question: “Why should we care?” Well, to a cyber-criminal, your personal information is incredibly valuable. Authentication credentials (passwords), names, addresses, phone numbers and credit card details are all sold in bulk on the dark web, with ‘premium’ information selling for hundreds, sometimes even thousands of pounds. It’s a lucrative business. And when an identity thief has access to your personal information, they can open bank accounts, take out mobile phone contracts, order goods, obtain loans… all in your name. Encryption and other security tools are therefore essential to safeguard your information. But can you sit back and rely on the businesses you deal with to handle it?
It has now become commonplace to see large organisational data breaches in the news. Household names such as Equifax, Yahoo, Uber, Sony and eBay are all very different organisations but they have one thing in common; they have been victims of some of the largest data breaches of the 21st century. And the result? The personal information of millions of customers leaked. It is a sobering thought that most of the people reading this blog will have an online account associated with at least one of these companies.
It is not just the big names and large organisations facing data breaches either. Small-medium sized enterprises (SMEs) and single office/home offices (SOHOs) are equally vulnerable (or even more so), as they often do not have the security measures in place. According to the latest Zurich SME Risk Index, more than 875,000 SMEs in the UK fell victim to a cyber attack last year. Cybercriminals simply care about the value of the data; size does not matter. They see smaller businesses as the weak link into larger organisations and, as they are more likely to pay the ransom, they are much more profitable.
But the battle is far from lost and it’s much bigger than just encryption challenges! In Europe, the General Data Protection Regulation (GDPR) will hold organisations that process and hold personal information accountable, by requiring them to demonstrate how they are complying with key data protection principles. GDPR will enhance the rights of data subjects, strengthen the protection of children and impose higher fines on organisations who do not comply with the rules. GDPR is all about making organisations more aware of the data they have. They must understand where the data is, how sensitive it is and what the data is used for. In essence, it requires them to gain complete visibility of their systems, especially as data breaches have to be announced within the first 72 hours. Organisations can no longer hide what has happened, and are required to have a Security-by-Design approach to data protection.
However, as individuals, we must take some responsibility. Research has shown that almost 90% of cyber attacks are caused by human error. Organisations must provide the correct training to help their employees spot phishing emails and to change the security culture in their organisation. Employees need to understand their security responsibility.
Also, we can all secure our information - our most valuable asset - better by exercising some really simple cyber security ‘best practice’. Use a unique password for ALL of your online accounts; if a data breach does occur, they won’t all be at risk. Ensure you can see ‘https’ and the padlock symbol whenever you are entering personal information on a website; this means your information is being encrypted.
And make sure you are using the latest version of WhatsApp!
Cyber security is a key concern for organisations of all sizes. Protecting devices, networks, data and apps is an essential component of doing business. Vodafone provides security products and services to businesses of all sizes, helping you secure your business anywhere because we are everywhere. We are trusted by organisations globally, including utilities, financial institutions and government agencies. For more cyber security insights, you can find us on Twitter and LinkedIn.