Most people are now familiar with end-to-end encryption

They use services like WhatsApp, which apply the technology to personal and group chats, but few consider it for business records. This is rather strange when you think about it, given the fact that most people recognise those business records as being far more confidential than most of the things we discuss in private chats. However, this needs to change, because the organised crime syndicates that develop Ransomware are expanding exponentially through a franchise systems known as Ransomware as a Service, and one of their business growth opportunities is extorting ransom payments to avoid business data being sold to other criminals or used to extort money from business customers and stakeholders.

The interesting thing about encrypted chat services is the huge number of non-technical users who are perfectly happy managing membership of chat groups, compared with the tiny proportion that are comfortable managing access controls on business records. However, this also needs to change, because we now know that delegating this responsibility to IT professionals is a recipe for disaster from a cyber security perspective, and it needs to become accepted as a core management responsibility that can be delegated from business owners and principal officers to the wider management team and then to individual team members.

This may present a cultural shock initially, but the justification becomes obvious as the team gains more understanding of the cyber security benefits of directly controlling access to business records. It also becomes obvious why business owners and principal officers would want to create business policies, which define rules about who can and cannot be granted access to various types of business records, how legitimate user access should be authenticated, and controls to restrict bulk access.

 

 

Contact Us

    Item added to cart