Shortly after news of the Equifax breach – which impacted 1 in 2 Americans – broke, The Economist presented a thoughtful perspective on the lessons to be learned from the latest high-profile hack: The lessons of Equihack. At the heart of the recommendations presented to firms on what to do about cyber security is a call to action: new thinking on security should focus on protection of data under the assumption that a hack will occur.
The analogy used in the Economist article is relatable to most of us, and compelling:
What to do? Two principles ought to guide the way that firms plan their cyber-security. The first is to take a layered approach to defence. That is how societies think about many other risks. Cars are dangerous machines, for example. Driving codes and road signs try to prevent accidents from happening. But that does not always work, so cars are engineered to protect their occupants in the event of a crash. If that is not enough, emergency services and hospitals try to fix the damage. This sort of thinking is relatively new in the computer-security business, which has tended to focus mostly on prevention.
Another issue addressed is the reason why, from Yahoo to Verizon to HBO to even the SEC, so much data is available to be hacked to begin with: its value to almost any business, in any industry. Another striking analogy:
But the same digital infrastructure that makes piles of data useful makes them vulnerable to anyone who fancies trying to swipe them. That—and regulators’ increasing impatience with leaks—makes data a source of business and legal risk. This newspaper has argued that, in powering the economy, data are today what oil was in the 20th century. The analogy is apt. Oil is valuable stuff. But it is also toxic and flammable—and spills can be disastrous.
This line of thought is the core principle on which we’ve built PreVeil’s technology. We deploy end-to-end encryption, which covers data on its journey from start to finish; messages and attachments are encrypted directly on the sender’s device and are decrypted on the recipient’s device. This means that only the sender and recipient can read them; the server cannot, and anyone hacking the server sees just “gibberish.” Our Approval Groups model removes “super-users” or “administrators” who can access all information in the system, thereby eliminating centralized points that can become targets for attackers. And rather than passwords – a classic entry point for hackers – our cryptographic keys, stored locally on user devices, facilitate user access to encrypted information in the cloud.
The Equifax breach, perhaps more than any other, truly presents a clarion call to action on the need for a new approach to cyber security. As PreVeil CEO Randy Battat said, in a recent article in Fast Company: “You’d expect the company to be at the extreme end of the security spectrum given it is their business to aggregate highly sensitive data and keep it secure. This case highlights more than ever the need for a system that eliminates central points of attack and protects business data even when the servers are compromised.”
Executives especially have to ask themselves the tough questions – what are we doing to protect our company? What can we do to seize control and lessen our vulnerability? The good news is that there IS a better way. In just a few minutes, businesses and individuals can ensure that their email is safe, thereby protecting sensitive communications.
PreVeil is an easy to use application that uses this new security approach, protecting email and files with end to end encryption. It can be downloaded for free from the PreVeil site or Apple App store.
Protect. Prevent. PreVeil.