Businesses are more worried than ever about data privacy. Large corporations, social media platforms, and financial institutions have all suffered hacks recently. But enterprises still need to communicate and are turning to encrypted chat apps. The problem is, « encryption » might not mean exactly what you think it does.
Cybercriminal sophistication is increasing by the day. What was secure yesterday might not be secure tomorrow. But businesses that handle sensitive data via chat need top-level security. This goes for health, financial, or governmental defence sectors, for example. Unfortunately, there are certain misconceptions and myths about what encryption really means.
From defining end-to-end chat encryption to regulatory compliance, here are the top five myths you need to know.
1. End-to-End Encryption is Impenetrable
There are plenty of apps that boast “end-to-end” encryption. But as one cryptographer from Johns Hopkins university, Matthew Green says: “Encryption isn’t magic. You can easily get it wrong. In particular, if you don’t trust the people you’re talking to.” Even if chats are end-to-end encrypted, an individual could take a screenshot, show the message to someone else, or mishandle the data in other ways.
Today, the phrase end-to-end encryption is more marketing jargon than a specific product feature. When using an enterprise messaging app for business, there’s no guarantee that you’re fully protected from hackers and cyber criminals. For instance, many so-called secure “end-to-end” enterprise messaging apps synch data between devices and the cloud.
Having data sent to the cloud gives hackers one more vulnerability point to potentially access private data. Often end-to-end encryption means that messages are indeed fully protected on your smartphone, iPad, or laptop. However, data often needs to be decrypted when it reaches the cloud. There are many highly secure enterprise messaging apps on the market, but to believe they’re invincible because they say “end-to-end” would be a mistake.
2. Encrypted Chat Apps are Equally Safe
There are various encrypted apps on the market that look similar at first glance. But businesses often fail to recognize subtle differences in how they function. Encrypted chat apps use different technologies and take varying levels of security measures. If you take a « just pick one » approach to encrypted chat apps, you’re buying into myth number two.
Some apps, for example, collect and store metadata on their own cloud servers. Others go out of their way to store very little. Metadata is high-level information about the chat, like who you talked to and when. So, although the contents of your app aren’t accessed or stored by the app, metadata is still dangerous.
Hackers have stolen metadata from technology providers before to access private data. Chat apps are no exception. And metadata storage is only one aspect where apps differ. For example, the highest encrypted apps allow only sender and receiver to modify messages. Lower security apps don’t have this feature. It might be tempting to think that most business chat apps have similar security levels. But that’s just not the case.
3. Only Sensitive Info Needs Encryption
It’s common for many businesses and organizations to think, « I don’t handle top secret info in chat. So why do I need encryption? » Unfortunately, that’s exactly what hackers and cybercriminals want you to think. Even if your private, sensitive information is elsewhere, unencrypted chat is a liability.
Hackers look for endpoint vulnerabilities or weak links in your cybersecurity chain. Even if the data in your chat isn’t what they’re after, it might still be valuable for other attacks. It can clue them into how to conduct phishing or social engineering attacks. Or figure out which individuals and emails to go after.
This myth is particularly dangerous to industries like finance, healthcare, and defence. The « Crown Jewels » in these cases are quite valuable. Credit card numbers, private health info, and government defence codes. It’s a huge mistake to think that only chats with this information need encryption. Instead, you should consider organization-wide encryption mandatory.
4. Encryption Always Equals Compliance
Many industries that work with sensitive data are subject to regulatory compliance. It’s part of the reason they take security so seriously and turn to encrypted chat for more privacy. Businesses then tend to assume that using an encrypted chat app is compliant. If a breach does occur, regulatory agencies will become involved. And they’ll take a hard look at if your encryption app meets their standards.
The main issue with this myth is that many businesses don’t know the in’s and out’s of regulations. In some cases, they aren’t even aware of which regulations apply to their industry. The EU’s General Data Protection Regulation (GDPR), for example, has its own set of standards. And if you operate in fields like banking or healthcare, there’s even more regulations.
The pain of believing this myth often comes after hackers have done their dirty work. Regulators will come in, analyse the root cause and assess the aftermath. If they find that your chat app wasn’t up to par – even if it’s encrypted – you could be in for hefty penalties. Never equate encryption with compliance. Always dive into the details and be 100 per cent positive.
Encrypted chat is an obvious security measure for most B2B enterprise communications. But don’t take a laissez-faire approach to choosing secure internal messaging tools. Encryption is a word that’s thrown around a lot, and it means different things in various contexts. Don’t assume that « end-to-end » means impenetrable. Recognise that encryption isn’t only for Top Secret military codes. And make sure the encrypted private messenger app you’re using is compliant to the letter.