IT security check for 2018: data leaks, malware and the new EU GDPR
Big data leaks, malware, and politicians demanding backdoors in online services: a lot happened in 2017 in the area of digital security and privacy. For companies in particular, a major challenge is just around the corner with the upcoming EU GDPR. In this guest article, Alan Duric, CTO and COO of Wire, takes a look back at 2017 and shows what will be important in terms of IT security in 2018.
In today's world, where both private and professional communication largely takes place online, IT security is becoming increasingly important. Interest in business messengers that rely on end-to-end encryption to protect sensitive data is therefore growing, especially among companies. More and more messenger services are thus not only emphasizing security for private use, but are also focusing on business use. Several messengers made this kind of reorientation in 2017. Atlassian, for example, introduced the messenger Stride for corporate communication, competing with the team chat Slack due to lower costs. But Slack quickly followed suit, raising a total of $250 million from investors and planning to expand. There have also been changes at Microsoft with regard to its business messenger: Microsoft Teams has replaced Skype for Business and now competes with Atlassian, Slack & Co. In addition, the Keybase Chat service is now also aimed at companies, and with Wire we also brought a secure business version to the market.
Data leaks and malware attacks cause a stir
According to a study by Bitkom Research, four out of ten companies fell victim to a cyberattack last year. One of these affected companies is the US financial services provider Equifax, where cyber criminals captured sensitive data from 44 percent of all Americans. As a result, its stock lost 14 percent and the company's chief executive resigned. Deloitte, a management consulting firm, also fell victim to hackers who gained access to the databases, and thus personal information, of top clients. Another data theft took place at U.S. ride service provider Uber and involved the data of 57 million users and Uber drivers. Although the incident occurred more than a year ago, it only became known in 2017. However, not only hacker attacks, but also attacks with malware can continue to cause great damage to companies in the future and result in a drastic increase in costs.
From UK to USA: How governments are shaking up the IT industry
Governments are not exactly convinced of the security provided by data encryption and want to oblige providers to install backdoors. One of the reasons for this is that encryption prevents criminals' messages from being viewed, which means criminals would benefit from cryptography. Governments are particularly bothered by the fact that IT companies do not even comply with court orders, and criminal acts can no longer be proven as a result. For this reason, politicians oppose end-to-end encryption or insist on backdoors for government access.
EU GDPR is approaching and prompting a rethink
The EU General Data Protection Regulation is getting closer and closer, and now at the latest companies should actively address the question of how they can comply with the regulation. The main goal - to simplify, standardize and update the protection of personal data - is causing a rethink. In the process, individuals gain more rights with regard to data processing, for which technical and organizational measures as well as a data processing register are mandatory. As companies will be subject to heavy fines in the event of violations, the EU GDPR will become an important topic from May 2018 at the latest.
Insecure providers: Why encryption is a must-have
Encryption becomes important whenever third parties may have access to sensitive data. Service providers, for example, can be insecure because unauthorized persons can gain access there. This is especially true for cloud storage, communication and collaboration tools that, for example, store their data on servers outside the EU. Hacker attacks on e-mail providers are also dangerous, and the situation becomes critical whenever customer data is involved, especially payment data such as credit card information, or even information about orders placed. This affects both private individuals, who thus become transparent, and companies, which must guarantee secure payment transactions in this case. Further reasons that make encryption indispensable are ruling out industrial espionage and preventing business secrets from becoming public. For these reasons, encryption must be the solution, whether for encrypted e-mails, the encryption of content (such as payrolls, cooperation agreements, calculations) or, more generally, data exchanged in everyday communication. To ensure IT security internally and externally, providers must not be able to view sensitive information; this is only possible with the help of secure data encryption.
Conclusion: Companies must act
Since data leaks and malware attacks are particularly damaging to companies, protective security measures are urgently needed. Also due to the EU General Data Protection Regulation, companies must act now and adapt their security standards accordingly. However, with the help of various providers that rely on end-to-end encryption, implementation is relatively simple. If there is an attack on the cloud provider after implementation, the personal information is protected and cannot be decrypted by unauthorized persons. In addition, the EU regulation also sees the method of encryption as proof of compliance with the requirements. In this way, companies are spared additional costs and customers can also be sure that sensitive data is adequately protected.
About the Author: Alan Duric is an experienced technology expert and entrepreneur who has been in the real-time communications industry for over 15 years. As a pioneer of VoIP technology, he paved the way for the introduction of Web Real Time Communication (WebRTC). The open source standard includes several communication protocols and programming interfaces that can be found in a wide variety of applications today. In addition to founding Telio Holding ASA and Sonorit, he launched Wire, a fully end-to-end encrypted messenger and secure communication tool for business and personal use that protects digital privacy while respecting European data protection guidelines. Alan's decision to open source Wire was strategic in that it allowed the company to prove that the product is indeed end-to-end encrypted, in contrast to other messengers that also claimed to be but couldn't prove it. Today, he is the company's CTO/COO, a member of the board of directors, and is responsible for the fortunes of an ambitious, international team of over 50 employees in Berlin. In addition, he acts as a consultant for a number of technology startups, bringing his years of experience in open source, VoIP, IT security and software architecture to the table.