Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

13 things to consider before adopting end-to-end encryption


There is a lot to consider before making any technical change in your company’s operations. And when adopting end-to-end encryption, there are some specific considerations to make to get it right. We asked members of the Young Entrepreneur Council what is most important.

Before adopting an end-to-end encryption (E2EE) system into a brand’s operations, what’s one factor that should be considered? We don't shill.

Check out TNW's Hard Fork.


Their best answers are below:

1. Deploy strategically

E2EE is a challenging implementation process that can and will take time to engage across a company. It’s easier to do when a company is smaller but you need to remember the most vulnerable part of a company is not the system but the resources: the people. You need to train your team so that they understand how to best utilize the system and preserve its integrity. Nicole Munoz , Start Ranking Now

2. Understand restrictions

You should go into E2EE knowing that the guarantee of private messaging is only between the client and server. It does not enforce protection between two communicating parties. For example,Google Drive is an example of a non-E2EE system. There are already strides toward creating encrypted systems, so it might be best to wait for those before you go investing in one now. Patrick Barnhill , Specialist ID, Inc.

3. Investigate thoroughly

Consider that there are many types of encryption that generally fall under the E2EE umbrella. Be sure to investigate to choose the one that best suits your needs. Andrew Schrage , Money Crashers Personal Finance

4. Ensure legal protection

Even with the most involved and restrictive forms of encryption, the possibility of a breach is still present. The most important thing to me in these cases is ensuring that you are legally protected in the unlikely event of a security catastrophe. Failing to do so could sink your business. Bryce Welker , Crush The LSAT

5. Monitor closely

There may be an important use case for being able to monitor employees’ communication. If your business is large and you have ever had issues with fraud, bullying, sexual misconduct, etc., then you need to be able to see what has been communicated so you understand what has occurred between your employees. Baruch Labunski , Rank Secure

6. Choose a reputable E2EE provider

With data breaches and malware attacks like Wannacry occurring with increasing frequency, it’s vital for businesses to ensure every potential point of failure in cybersecurity is addressed. More and more, confidential data like client records and trade secrets are shared internally via messaging. Choosing a reputable E2EE provideris an effective way of keeping all data touchpoints secure. Thomas Smale , FE International

7. Close the back doors

The main goal of E2EE is that only the sender and receiver can see the content of the message. Nobody in between who is monitoring the network or the servers; no hackers, no government, not even the company that facilitates the communication should be able to see the message. Ensure no back doors are built into the system that bypass normal authentication or encryption employed to achieve E2EE. Eng Tan , Simplr

8. Do your research

Like all new developments in digital security, E2EE requires users to do their homework. E2EE and P2PE (another commonly used method of encryption) entail different costs and different responsibilities. We tell our clients to take digital security seriously, but to do so thoughtfully. Choose the system that meets your needs. Beth Doane , Main & Rose

9. Ask the experts

Encryption is a delicate balance of trade-offs where one mistake can compromise the whole system.Consult experts in the security field before you start, so you don’t repeat the same mistakes as other companies. Ron Justin , GroupGets LLC

10. Be vigilant

E2EE helps to ensure security during transit but you shouldn’t be fooled into thinking that this gives you complete security. Research indicates that the most vulnerable point is when it’s stored on your device, drive or even on the cloud. So make sure you also take steps to guard data during the endpoint stage and train your employees in security measures. Shawn Porat , Scorely

11. Train employees

Trust in your employees is vital before adopting E2EE practices. With E2EE you will not be able to monitor conversations, which couldlead to a more relaxed atmosphere that makes your employees happier. But, you will not be able to review evidence unless provided by one or more parties to bullying, sexual harassment or general misconduct. You need employees who don’t require babysitting! Brandon Stapper , Nonstop Signs

12. Make a comprehensive cybersecurity strategy With so many security threats, you need to understand that no single measure, including E2EE, is going to protect you from all dangers. Choose a system that’s a good match for your needs. Teach all of your employees to follow security protocols in all areas, including their own devices. Make sure you have a comprehensive security policy and that people in your organization are up to date o

Viewing all articles
Browse latest Browse all 12749

Latest Images

Trending Articles

Latest Images