The Drive For Secure Communication

February 2022

The way we communicate has evolved

The way we communicate has evolved dramatically since the invention of the telegram back in the 1800’s. Another evolution (of sorts) has been largely brought about by the challenges of COVID-19. The global pandemic saw global institutions having to adapt to an entirely remote working model, almost overnight. In addition, the number of communication tools available to organisations and their employees have really taken off in the last 18 months or so. This is especially true of the likes of WhatsApp and Zoom, for example – once used almost exclusively for personal use but driven into the hands of enterprise as an answer to the communication challenges of a largely disparate workforce.

And so with more flexible working patterns, with workers no longer tied to an office desk and with technology providing the support for people to work from anywhere, what are the challenges from a security perspective? What problems arise when you increasingly blur the (technological) lines between your work and your personal life?

As we have seen, technology has been a great enabler when it comes to dealing with a predominantly remote / working from home (WFH) workforce. Organisations of all shapes and sizes and in every sector imaginable, have relied upon technology to keep their people connected, communicative, productive and secure.

A great example of this is the smartphone (smart device). In the UK alone, it is projected that the mobile internet penetration rate could be as high as 75%. Which translates into big numbers of people that own such devices and use them constantly to access the internet. It is very likely that smart device usage over the course of the pandemic has increased considerably with the numbers of people remote working, WFH etc. And herein lies a major security headache for organisations because many people simply assume that their smart device is safe and secure to use. They tend to do things on these devices that they wouldn’t do on their office PC or laptop, for example. Remember, your phone isn’t impervious to cyberattack and hackers can steal all kinds of sensitive data from these devices – and not just your personal information, if you are using your device for both work and play then any breach can potentially access proprietary company data. A perfect illustration of the negative outcome of when you blur the lines between work and play.

We mentioned some popular communication tools earlier, perhaps none more so than WhatsApp. Owned by social media giant Facebook, WhatsApp is the leading messenger app globally with an estimated 2 billion users. And whilst it started out life for many of us as a means to communicate with friends and family in our personal lives, it has successfully woven itself into the world of enterprise, especially so when so many of us have been WFH during lockdown periods. But WhatsApp offers end-to-end encryption so it must be safe to use right? You might be surprised to learn that Signal (a WhatsApp competitor) is the best option for user privacy. It uses the least amount of data access compared to WhatsApp that collects all manner of data – Device ID, User ID, Advertising Data, Purchase History, Contacts, Payment Information to name but a few.

And it’s hard to talk about messaging security without talking about Pegasus. A joint investigation by Lookout and Citizen Lab revealed that this highly advanced mobile spyware had in fact been used on business executives, human rights activists, journalists and academics amongst others. It came to light that NSO Group, an Israeli-based company behind the development of Pegasus and a leading figure in the spyware industry was in fact behind these hacks. It pushed WhatsApp to file a major lawsuit against the Israeli company whereby the messaging giant revealed that victims of the hack had received phone calls using its messaging app, and were consequently infected with the Pegasus spyware.

Today’s mobile devices are very powerful. They have the ability to access the same data as a PC but from anywhere. This in turn massively increases the attack surface and risk for organisations. This is because many of these devices are commonly used outside of the organisation’s security perimeter. Therefore, employees who are able to access sensitive company data or resources whilst using their device of choice, present a very attractive target for cybercriminals. Mobile phishing can be especially lucrative for cyber attackers with mobile malware delivered to victims via a phishing link – smaller screens on smart devices make it even easier for phishing success compared to if an employee is working with a larger screen (office PC or laptop).

Mobile security is therefore vital where devices and apps pose a major risk. Organisations must safeguard information in the cloud while providing better access to data. Building security in from the start is essential. Endpoint security assessments will help you understand where your weak points are and what should be done. With the correct endpoint security you can help your employees to protect their (and your) data, to stay securely connected and uphold privacy and trust. On the basis that people can, and will, work anywhere and often use their devices for both work and play, organisations need to ramp up their communications security.