Tag: privacy

06 Jan 2017

A Welcome Reset for Citizen Privacy

Canada’s Public Consultation on National Security 

The notion that we are being watched digitally has, seemingly overnight, become something many people now accept as a fact of life in the modern, post-Snowden world. Much of the news around citizen privacy, as always, has been focused on the US, but are we on the sidelines? Canada is an active participant in the Five Eyes program, has rolled out the now politically toxic Bill C-51, and, as a member of NATO, NORAD, and enough acronyms to fill an alphabet soup, is very much an active player. Not to mention how connected we are on a personal level to the greater world. I may be Canadian, but I hold no illusions about my data – I exist online, along with my purchasing and travel behavior, web searches, e-mail and social media conversations, what TV shows I watch, and very often my location, on countless servers around the world – and the same goes for you. The more interesting question, now that extra-legal surveillance has become the de facto standard, is how have governments reacted and where, policy-wise, do we go from here?

Both the US and UK have decided to go one way, attempting to drag extra-legal surveillance into the realm of legitimacy. In the US, that has meant keeping Edward Snowden a persona non grata, the FBI attempting to use the All Writs Act to compel Apple to write software that would break security features, the accepted use of Stingray devices on a local level, and the list goes on. The UK, for its part, has been mulling over the draft Investigatory Powers Bill, legislation that would compel internet service providers, telecom companies, and other services you rely on to turn in information about your habits without a warrant. Canada, in its own right, has made some concerning moves to the dark side. C-51, for instance, was a worrying enough debacle that the Liberals needed to reaffirm that yes, they do, in fact, still believe in The Charter. More recently this summer, the Canadian Association of Chiefs of Police began vocally calling for the power to get people’s phone passwords through the course of an investigation.

But it appears as if we’ve been afforded the opportunity for a reset. The Canadian government has opened up several public comment periods this year surrounding national security, and specifically how it will adapt to investigations in the digital age. This is an encouraging step to allow citizens’ concerns to be heard and offers the opportunity to make improvements to Canada’s national security laws and regulations, namely C-51. And while it takes two to tango, and some citizens are hesitant about the effectiveness of such consultations and the government’s reply, it is the responsibility of a democracy to respond and adjust in a way that accommodates the public, as that is its hallmark.

Thankfully, the voice of resistance and, in this case, reason, continues to get louder and more forceful around the globe when it comes to issues of privacy versus security. Apple was willing to stare down the government rather than publicly compromise the security of its users. Alex Stamos, former CISO of Yahoo, resigned when he learned of a secret program whereby the government could search the e-mail of all Yahoo users, in real time, with no warrant required. With the public consultation, we too have the opportunity to voice our objection to these larger trends towards the invasion of citizens’ lives and lowering the barriers to violating privacy.

So I, along with hundreds of others in the Canadian security industry, took part in the public comment period the government had devoted to national security. Hopefully you did the same. This was an opportunity to defend our fundamental rights and reset our legislation on citizen privacy.

Now, we sit back and wait to see how, in the face of an incredible amount of technological power, this government decides to treat its citizens – as an information mine to be exploited, or as the country’s most precious resource to be protected. We will be watching.

By Jacob Ginsberg, Senior Director, Echoworx

23 Nov 2016

Encryption, the best way to protect data from hackers

It’s no secret that today’s cyber criminals are heavily funded and technically astute – creating more methods to hack into organizations than individuals and businesses can keep up with. Because of their ever-changing, advanced and growing capabilities, private organizations and governments must protect all possible gateways to information in our digitally driven society. To keep the data sent via email safe, email encryption remains the best protection in today’s cybersecurity landscape.

Smarter devices mean new vulnerabilities
The evolving technology landscape has created challenges for businesses trying to stay ahead of the curve. As the workforce becomes increasingly mobile and digital, organizations are opening new digital communication and commerce channels to meet employee and business needs. But as new devices are connected to the network, and thus become connected to confidential information, risks to data privacy will appear. These new devices and potential vulnerabilities create opportunities for hackers to infiltrate personal and professional networks at vulnerable entry points.

Companies must have a solution that is focused solely on encryption if they are to tackle today’s rapidly changing technology landscape. Encryption can be tailored to meet a company’s specific IT policies, compliance requirements and user needs to ensure that critical communication touch points are protected whether on mobile or desktop, keeping organizations’ information safe. Encryption allows businesses to innovate while leveraging new technologies, ensuring that sensitive data remains secure.

Securing confidential information – in transit and at rest
Vast volumes of confidential company, customer and employee data pass through business networks every day. Companies in regulated industries represent a treasure trove for cyber criminals as they hold mounds of confidential information including biometrics, health records, financial transactions, inventory tracking, climate controls, and even digital keys. For example, to properly track medical records for HIPAA compliance, there is often personal information attached to communications that can be exploited by hackers.

When it comes to protecting this confidential information, email security solutions are often overlooked in favor of network firewalls or file server security. As a result, message interception has become more frequent – putting information at risk. Email encryption solutions that are content-aware are critical to combating hackers targeting corporate email data. Content-aware encryption solutions can be configured to automatically scan email content and attachments based on a company’s security policies – providing a user-friendly experience for employees and peace of mind for IT management. Encryption is crucial to ensuring that this confidential information remains private and secure – while emails are in transit and at rest.

Key to citizen privacy and security
Beyond the business benefits, encryption is also key to citizen privacy and security. But, as governments adapt to crime in the digital age, we have seen them continue to push for ways to weaken one of our best protections, encryption, with master keys or back doors to encrypted information. Encrypting sensitive information is just as important as locking your home when you leave. But would you hide a master key for your home right on its perimeter? Encryption back doors are essentially leaving a key for hackers to discover for easy entry.

Encrypted data is only as secure as the keys used by the system that locked it. If the keys are compromised by hackers, negligence or other means, or entryways are made available via back doors, then any data that’s encrypted can be decrypted. Ultimately, an entrance into encrypted information, whether meant for the government or an IT executive, is an entrance for everyone, including cyber criminals. Encryption is critical to the security of data and ensuring that citizens maintain their privacy, and management of keys is an essential piece of the puzzle.

As adversary tactics continue to grow and evolve, citizens and companies must feel confident that their data – from private information to intellectual property – is secure. Encryption is critical for protecting confidential data from today’s growing, fast-moving, and ever-changing cyber threats. And to remove pathways for hackers to exploit, we must maintain that back doors are not created, and all keys are properly managed. By applying encryption to email and other data, organizations can ensure that hackers have no way to access data that they discover or intercept.

If you would like to find out more ways to ensure your critical communication touch points are protected, the additional content listed below may be of interest.

  • Download our REPORT  | Do You Trust Email?
  • Watch our DEMO  | B2C Encryption Protection
  • Read our REPORT  | Fraudsters, Hackers, and Thieves

By Kai Cheung, VP Architecture at Echoworx

08 Nov 2016

Combating Insider Threats

When Edward Snowden leaked classified NSA documents about its surveillance program, it sent a message loud and clear to companies: if an employee can steal sensitive documents from the NSA, an employee can do that with anyone. The authorized access of employees to a company’s confidential data poses a self-evident risk to its cyber and financial security because such data can be used to exploit the company.

The motivation behind such treason? It could range from a fraudulent opportunity dangled in front of an employee to resentment harbored by them that festers into action. It may be because of an employee’s deeply held morals or beliefs or, in fact, financial gain. Access to the company’s best-kept secrets and inside knowledge of its security weaknesses always give the culprits the upper hand.

Intentional theft isn’t the only insider threat.

Imagine your company. Now imagine an employee in your company sending a confidential document to a customer. Maybe he is in a rush, or he is groggy, or he is sending the email before his caffeine kicks in, and he sends the confidential document without encrypting it. The hacker is waiting at the end-point to find a vulnerability, and guess what, your employee of the month just handed your company’s security to him on a silver platter. In 2015 over 116 billion business messages were sent a day. That’s 116 billion chances for sensitive information to be intercepted – either with malicious intent or accidentally.

The amount of data that circulates within business networks every day can be staggering, and much of it is deemed to be confidential. Companies in highly regulated industries hold large amounts of confidential data: information which includes biometrics, health records, financial transactions and inventory tracking. The mere chance of getting their hands on a wealth of highly confidential information in a single hit makes highly regulated industries a top target.

Since many companies are favoring firewalls and server security, and shying away from email encryption, they are leaving a huge loophole for message interception and are putting information at risk. Policy-based email encryption is a key to combating cybercriminals who are dedicating even more effort to breaching corporate email data.

Email encryption solutions, which can be configured to recognize and encrypt specified email based on a company’s preset policies, provide a user-friendly experience for employees and peace of mind for IT management. But will your workforce reliably use them? Case after case has shown us that companies and even entire industries have neglected to ask the question.

If email security solutions – or any other technologies for that matter – are too complicated, employees will almost certainly find easier means to complete a task. In this scenario, security is the ball that is dropped. Insider threats continue to keep senior business leaders awake at night. A recent PwC report in the US found that 32 per cent of respondents consider insider threats to be costlier and more damaging than external incidents.

Encryption is crucial to ensuring that this confidential information remains private and secure – while emails are in transit and at rest. If you would like to find out more about how email encryption can help your business and your employees protect sensitive data, the additional content listed below may be of interest.

  • Download our REPORT  | How Much Do You Trust Email?
  • Watch our DEMO  | OneWorld B2C Encryption Protection
  • View our INFOGRAPH  | 5 Encryption Factors to Consider

By Ali Kiassat, Echoworx

23 Sep 2016

Ransomware 2016, Billion Dollar Business Nightmare

Cybercrime has been with us since personal computers became available to the masses. But never before in history have people across the world been subjected to intimidation on as gigantic a scale as they are today. There are millions of emails sent out every day and billions of financial transactions done every year. With the massive use of computers and the internet, cybercrime is becoming more and more prevalent. Cybercriminals prey on innocent users with the help of a wide range of malware, mostly with the purpose of making money, directly or indirectly. Today, ransomware has taken center stage. And it is spreading like wildfire, completely out of control.

Ransomware is designed for direct revenue generation. The US has been the region most affected by ransomware, with 28 per cent of global infections. Canada, Australia, India, Japan, Italy, the UK, Germany, the Netherlands, and Malaysia round out the top 10 victims of ransomware. The average ransom amount this year has doubled from US$294 at the end of 2015 to US$679 now. The favored payment method for locker ransomware is payment vouchers and, for crypto ransomware, it’s bitcoins. Spear phishing emails remain the most common way ransomware is spread.

The growth of ransomware is fueled by two major advances:

  • Anonymity software such as Tor, which allows criminals to hide their location and network usage. It is, in fact, free for public use.
  • Anonymous payment methods, with Bitcoin being the preferred platform, that operate outside the traditional financial system. Bitcoin provides unidentifiable transactions because the movements are masked. Bitcoin wallets are free and disposable, giving attackers the option to generate a new, unique wallet for each maneuver, making it hard for law enforcement to follow all earnings.

The FBI estimated that $209 million of ransom payments were extorted from businesses and institutions in the first three months of 2016. It is believed that, at this rate, ransomware will be a $1 billion business in 2016. In response, the FBI has issued a guide for ransomware prevention and response intended for CEOs.

With access to enormous funds, criminals and terrorists have the resources to seriously contend with law enforcement and governments. Moreover, professional fraudsters have started selling services – the ransomware business model has opened doors to gold mines for attackers.

This is an example of a blackhat hacker’s ad offering ransomware services:

“You give me a .EXE file and any ordinary .PDF file (this is optional; I can use a blank .PDF or my own) that you want to send to the user. I will stitch them together and give you a toxic .PDF file. When the user opens it, the files will be extracted and the toxic .PDF will be replaced by the ordinary .PDF and displayed to the user. This service costs US$420.”

Lately, news headlines about enforcement agencies and government lawmakers calling for the weakening of encryption and for encryption back doors have reignited the global debate on privacy. The underlying assumption of the lawmakers is that with on-demand access to encrypted data, communications among cybercriminals and terrorists would be exposed, and the world would become a safer place.

But the cold hard truth is that weakening encryption with back doors will only allow criminals and terrorists to conduct more attacks on common users, businesses and government agencies. Criminals and terrorists will remain out of reach, because they can use their own home-brew software built with strong encryption algorithms.

Strong encryption safeguards our businesses, commerce and government operations. The call for weakening encryption will only erode our personal freedom, endangering our society and our digital future.

To learn more about how you can seamlessly integrate email encryption into your environment while driving performance and creating seamless customer experiences:

  • Watch our VIDEO  | How Effective B2C Encryption Protection Works
  • Download our DATA SHEET  | OneWorld Enterprise Encryption
  • Download our CASE STUDY  | Top Bank Demand Performance & Productivity

By Kai Cheung, VP Architecture at Echoworx