Riaan Badenhorst,
Encryption is not something many people consider when sending emails or instant messages to friends, family, and colleagues.
However, keeping data safe should be one of the most fundamental elements of the information-driven world. Encryption ensures that nobody, except those who have the relevant permission to do so, can access specific messages. In many respects, this [encryption] has become the heart of data privacy.
Earlier this year, WhatsApp implemented end-to-end encryption. This resulted in some interest around how messages previously had the potential to be intercepted by malicious users and provide an entry-point into user accounts.
For the uninitiated, encryption is not just relevant to sensitive corporate data or secret personal messages. Imagine a hacker having access to all your documents, photographs, financial records, and other information. Even just a compromised address book has significant potential to cause harm.
The reality is that a lack of security in communication apps might have disastrous consequences on both reputational and financial levels. So even though WhatsApp might be secure, what about the myriad of other communication apps people use? And this is not forgetting the potential risk around email.
It is frightening to think that even though email has become pervasive, it is still the most insecure form of digital communication out there. Even though documents or other attachments might be encrypted, sophisticated attackers can easily get access to any message sent in plain text. On the corporate side, this puts the onus on IT departments to educate users on the importance of not sending sensitive information in emails. The days of sending a password as part of the email body or an unencrypted document as an attachment should be a thing of the past.
Fortunately, there are a number of encryption and decryption methods so the user does not have to rely on a proprietary solution or algorithm. The most important thing is to keep the encryption key (password) a secret so only trusted parties know it.
Additionally, smartphones are also shipping with encryption features. This means important information is kept in encrypted form and is decrypted each time a user inputs a PIN to unlock the device. These are all steps in the right direction to create an awareness for the importance of encryption. Users need to start embracing this or risk compromising not only their personal information but potentially that of their employer as well.
Riaan Badenhorst, Managing Director, Kaspersky Lab Africa