Home / Blogs

Remote Work Demands Encryption

Now that we are all working from home (WFH), the need for encryption must also increase in priority and awareness. Zoom's popular video conferencing solution got in hot water because they promised "end-to-end" encryption but didn't deliver on it — prompting some organizations to ban it from use altogether. Encryption protects confidential information from being exposed in transmission, providing a secure way for the intended recipient to get the information without snooping by others.

Corporate data use is commingled with personal data use in WFH environments, emails and chat sessions are mixed with e-learning, volunteering, medical appointments and tax transactions. This potent combination of data leaving our devices from home makes an attractive target for criminals or snoops. This increased dependency on the Internet spotlights the myriad ways we expose data. Encryption should be deployed to help protect both corporate and personal data use.

The data assets of organizations are especially at risk. New (often personal) devices from new IP addresses are accessing networks that require verification and authorization. (More on this in an upcoming blog post.) Further, known and unknown bad actors are working hard to take advantage of this abundance of data over unencrypted channels and are intercepting confidential information that can be used for anything from social engineering to corporate espionage to rerouting cash to intellectual property theft. A complete shutdown is not an option; remote employees must continue to do the things that keep the organization operating.

Infrastructure providers like Afilias have an additional data layer to protect — the infrastructure that powers the core of the Internet. With an expectation of 100% uptime and zero outages, such providers must perform to an exacting standard on security, availability and interoperability. When the staff of such providers are all WFH, special care must be extended to confidentiality and security. Employees working from home must adhere to some common sense encryption rules. All communications related activities — email, chat, video — use encryption to ensure the confidentiality of your data transmissions. Reputable communication providers will offer encryption to maintain confidentiality.

When it comes to data exchange, only do it in an encrypted environment. For example, don't attach tax documents in an email, even if you use a password; upload these directly to your preparer on their secure site (be sure and check the address, especially if you are considering clicking a link). For work data/documents, a two-step process is now necessary — first, upload the documents to a secure location within your organization, and then send a link to that location to your colleagues so they can securely download.

Organizations that are dealing with a remote, distributed WFH employee base should increase vigilance of the new challenges raised by a WFH environment. Security and risk teams need to inventory all of the access points and devices and enforce or modify security protocols, e.g., use of hotspots, access from locations without encryption, and use and storage of corporate data on personal devices.

Encryption Tools and Considerations

This handy matrix summarizes what is encrypted, who is responsible and some tools to add encryption.

Matrix summarizing what is encrypted, who is responsible and some tools to add encryption.
RelevanceEncryption Tools and Considerations
End UsersEnterprisesInfrastructure Operators
Written communications (email, chat)• Choose software and apps with end-to-end encryption [BlueJeans, Cisco WebEx, Google Hangouts, Microsoft Teams, etc.]
• Modify privacy settings to your needs
Video conferencing
Personal data exchange (e.g., telehealth, financial, fitness apps)
Domain names and websites• Enable DNSSEC
• Use digital certificates
Cloud Storage and Cloud backup• Utilize best of breed vendors for VPNs, payment processing
Enterprise data exchange (e.g., business information, payment/donor data, employee management)
System reliability management (e.g., software updates, patching)
Infrastructure operations and maintenance• All of the above
• Require encrypted communications for all mission-critical corporate activities
• Increase or modify network threat monitoring given new risk vectors

Encryption used to happen "in the background," usually handled by your Corporate IT staff. Now that we are all WFH, the responsibility to add appropriate levels of encryption to both maintain confidentiality and to preserve data and credential integrity has dramatically shifted to all of us.

If ever there was a time to learn and execute on encryption, it is now. Success now will make us more flexible and secure in the future.

By Ram Mohan, Chief Operating Officer at Afilias – Mr. Mohan brings over 20 years of technology leadership experience to Afilias and the industry. Visit Page

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

 Be the first to post a comment!

Add Your Comments

 To post your comments, please login or create an account.

Related

Topics

IP Addressing

Sponsored byIPv4.Global

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

Whois

Sponsored byWhoisXML API

Brand Protection

Sponsored byAppdetex

DNS Security

Sponsored byAfilias

Cybercrime

Sponsored byThreat Intelligence Platform