A new kind of intruder in a digital age
When it comes to discussions around security, many property developers and facility managers may conjure up images of masked intruders, high-tech alarm systems and broken windows.
But in today’s ‘always on’ business world, digital security is now a greater threat than a physical break-in.
While smart buildings and facilities’ IT systems may be at risk of cyber attack, the most likely threat is hidden within something you use hundreds of times a day.
The confidential information contained in your emails and messages is the number one target.
Many people believe passwords protect their data and that when they share messages and documents, this information is only visible between the chosen parties. Unfortunately, email and file sharing systems simply do not work that way.
Regular email, chat and document sharing is generally sent across the internet as free text, so unless some precautions are taken, such as using a Virtual Private Network (VPN), that information can be read or modified by almost anyone.
Using public Wi-Fi to access corporate or business emails is notoriously insecure, but even when a VPN is used and the messages are encrypted, IT teams or other agencies have or can access the master decryption key and render your data vulnerable to prying eyes or cyber attack.
Many property developments and facility managers simply do not realise the risk of using unsecured email to negotiate with partners, discuss property details, internal policies and appraisals, and collect personal information from tenants and clients.
Consider, however, the potential repercussion for a business that allows hackers to steal client credit reports, rental histories and applications, or even critical company IP (intellectual property).
Over the past year, dozens of major Australian organisations and businesses have felt the impact of major cyber breaches. More than 26,000 tax returns were delayed and $9 million in refunds cancelled after hackers created fraudulent tax returns.
A teenager stole databases with more than 870,000 records from insurer Aussie Travel Cover, and information and confidential complaints made by citizens in Queensland were accessed after hackers broken into the TAFE and Department of Education websites.
True digital security requires more than robust internal systems. A business can have tough internal measures, but the second an employee needs to communicate with other businesses or individuals off-premises, they are vulnerable.
Hackers are always developing new ways to infiltrate business systems. Malware is one of the most common types of attack today, with viruses buried inside seemingly benign links and files.
The latest example is a Trojan virus disguised within a common PNG image file. Hackers are even taking a page from the marketer’s playbook and optimising attacks to match the times of day during which victims are most likely to click.
Email copycats or phishing attacks are also becoming increasingly common and sophisticated. In these attacks, hackers use data found through other cyber attacks, on websites or social media and even from the GPS (global positioning system) data in your phone to disguise as legitimate sources, such as banks, contractors or company executives and request payment for services.
The latest report on advanced attacks from Proofpoint found that high-level employees with access to wire transfers have been targeted in organisations of every size across all industries. Armed with the right information, attackers convincingly pose as the CEO, CFO or another executive and urgently request for funds to be transferred.
Ransomware, in which hackers break into business systems and hold the data hostage, is another growing threat to businesses of all sizes. In fact, security experts say it is often small businesses that are increasingly being targeted, as they are the most likely to be caught off guard. Ransomware encrypts the contents of the data stored on the system and demands payment in order to recover the data.
“Many people believe passwords protect their data and that when they share messages and documents, this information is only visible between the chosen parties. Unfortunately, email and file sharing systems simply do not work that way.
Even businesses that favour new digital communication tools such as messaging and document sharing apps over traditional email are at risk. Proofpoint’s analysis of the Android app store discovered more than 12,000 malicious mobile apps that are capable of stealing information, creating backdoors and more – accounting for more than two billion downloads. Commonly used tools for sharing files and images, such as Google Drive, Adobe and Dropbox, are now trusted by hackers as the most effective lures for theft.
Cybercriminals will always be one step ahead of businesses, making it nearly impossible to keep up with the latest email and communication scams. Businesses, therefore, must find an alternative approach to managing how they share their most sensitive data and information.
The solution is a system in which closed communication networks or circles can be easily created and modified. These communication circles should complement traditional email systems and enable businesses to share confidential information, chat messages, documents and data securely between parties, with the help of end-to-end encryption.
The circles are secure because they restrict access to only those who need it, whether internal or external. With a closed, secure communication circle, it doesn’t matter where an employee, client or partner is located. The email, message or information is simply encrypted at point A and decrypted at point B.
Now, encryption may sound anything but simple, but there are new solutions that enable businesses to benefit from industry-standard, multi-level encryption technology, without even having an IT team. For instance, you can use Dekko to encrypt critical information without replacing any existing system or spending more than a few minutes on set-up and still access the information you need from any device.
The technology is based on user-generated private keys that never leave users’ devices, which means no back doors and no risk of the data being decrypted by anyone other than the sender or receiver. Each new message has its own unique key and is encrypted, so it cannot be tampered with or accessed.
Data breaches can have a major impact on business, whether it’s through the loss of valuable IP or their consumers’ confidence, which is why there are many situations in which businesses need to have confidence that the discussion and documents will remain private and within a trusted group of colleagues. In fact, any business that retains, stores or sends confidential customer information or critical IP between third parties should consider this approach.
Relying solely on traditional, preventative safeguards, such as firewalls, simply won’t cut it with today’s cyber threats. Understanding the risks associated with traditional email and communications tools, and encrypting the data that’s most important to your business are more effective strategies for the long-term, particularly as your business grows.
Solutions that utilise strong encryption minimise the business risk in the event of a cyber attack and decrease the likelihood and severity of insider attacks and accidents by employees.
While it may be easier to continue focusing on preventing physical threats, the truth is it is no longer a matter of ‘if’ a cyber attack will occur, but ‘when’.
Hackers are the new masked intruders, and businesses within the development and property sector can no longer afford to pretend that they are not a target. By ensuring they are prepared to meet the security challenges of today and tomorrow, these businesses can secure a true path toward growth.
The author, Eric Schwantler, is the general manager of Dekko Secure, which provides complete security and privacy for email, chat and document storage. This article also appears in the June/July edition of Facility Management.