2016-08-08 12:00

Why your business has a huge lack of security

Why Your Business Has A Huge Lack Of Security
There are many team messenger apps out there, all of them aiming to optimize your daily work communication. They are great when the need comes to a quick and easy business chat including nice features and service integrations. But unfortunately all of them have a huge lack of security that could lead to a great risk for your business and even the enterprise.

All existing email, chat, file sharing and file storage apps are widely vulnerable to hacker attacks. There are relatively few actual solutions that protect your business or the large enterprise from cyber attacks. Those attacks mostly originate in the supply chain so once attackers enter small organizations successfully they could access the large enterprises those small companies serve [1].

If you remember, not that long ago there was unauthorized access to a Slack database storing user profile information [2] so this scenario is not that far away. And there are many other ways hacking Slack accounts - sometimes it is as easy as searching GitHub [3].

But it is not only Slack we have to mention here. It is indeed all your emails, chats and files that are not private anymore, and they are certainly not secure. Your privacy and security at work is lacking and most victims of hacker attacks aren't even aware of it. In 2015 according to [4] 70% of businesses were hacked while 61% of these attacks targeted small-medium sized businesses.

All of the known companies like Slack, HipChat, Dropbox, Gmail etc. have been hacked to steal customer passwords or data. But they continue using insecure technologies, still not able to protect their customers data. So why should the customer trust them? Aren't they aware of the fact that the most direct threat to maintaining consumer trust is negative personal experience - regarding to the data collected by the NTIA, that serves as the US President's principal adviser on telecommunications policies pertaining to the United States' economic and technological advancement and to regulation of the telecommunications industry [5]? While private households are concerned about online privacy and security risks, business people seem to be unflappable.

But it is not only about protecting your data against hacker attacks. It also is about keeping the privacy of your content when stored on unknown machines somewhere in the cloud. When web app companies promote the security of their cloud service or software product they mostly speak of their usage of a special transport encryption protocol called TLS (Transport Layer Security). TLS encrypts communications between a user and a server, which means that on its way, messages and data are secure. But they are necessarily decrypted at the server before being stored in the database unencrypted.

From my point of view users must be able to trust that their information stored in the internet will be secure and their privacy protected, wether it is medical data, contracts, business communications, or even intimate private conversations. So in the end it is all about the trust. But without security as the foundation, trust is impossible.

On the other hand, rethinking the cloud concept should be a solution: Why should you store your data on external servers that are possibly located in foreign countries when you could use the modern technology concept of a decentralized network? Think of intelligent algorithms that merely supply the connection between your own data holding devices like your office desktop computer network and your smartphone while the actual data (conversations, files etc.) is synchronized automatically or shared between chosen users, linked to each other over a self-building end-to-end secure peer-to-peer network. Sounds futuristic and complicated, but it isn't. That's Sid and you need zero administration and only a few seconds to set it up.

Would you still call your data secure when it only is encrypted on its way to the storing server? Would you still call your data private if hackers or companies are able to read it?

While security is rarely a selling point and most people choose cool features over security the situation will not change. And as long as you use insecure software you and your company will be part of the huge lack of security stack. Well, lets change that! Give Sid a try! Write about it, invite your friends into groups to chat securely, share files peer-to-peer within teams or move them easily from device to device.

According to Silicon Allee Team [6] general distrust for online services is about 91%, smart users take privacy seriously and they love privacy friendly startups. According to Detracker [7] 20% of users in the UK and Europe said they will pay more for a service that offers privacy guarantees over a competitor that doesn't and Symantec reports that 88% of users say privacy compliance is more important than the quality of the product.

I urge evidence! Add me as contact if you have any questions or improvement ideas. Or join my Sid group for further discussion.

×