Privacy breaches are in the media all the time: a major company’s servers are hacked, or a celebrity’s private photos are stolen. These stories are so commonplace that it’s odd to see a week go by without one, which begs the question: if these global enterprises and wealthy celebrities can’t protect themselves, is privacy really possible?
Despite the barrage of data breaches and intrusions, the answer is yes: privacy is possible both for individuals and for enterprises, to whom it is critical for success. Achieving privacy starts with changing how we think and with tools that function at the speed of life.
Each member of an organization shares responsibility for maintaining the privacy of that organization. IT and security departments deploy infrastructure that’s designed to protect against security threats, but often an attacker will not directly attack the core network and will instead attack a much softer target: the employee. With phishing emails, for example, an attacker sends a message that appears to come legitimately from another department in the same company, a bank, or another friendly organization – when in fact it’s designed to deliver malicious software or to steal your username and password by getting you to enter them into a fake website. It’s a lot easier to send an email to a few hundred people than to hack a protected server – and you only need one person to open an attachment for it to work.
The traditional approach to mitigating risks from individual employees has been to warn them about possible threats and provide information about how to avoid those threats. The downside of this approach is that, despite education, it’s not realistic to put the onus on individuals for privacy and security. Consider the continued success of electronic social engineering: every corporate IT department reminds employees not to click on links in suspicious emails, yet these attacks are still highly successful. Verizon’s 2015 Data Breach Investigations Report noted that 23% of recipients open phishing messages, with 11% actually clicking on the attachments. That’s a staggering number.
The modern technological environment is one in which there is more to keep track of than ever before. With BYOD policies becoming more common and workloads increasingly being managed via smartphones, vulnerabilities to enterprise systems are less focused on desktop machines and email and are shifting to mobile devices and the software and data on them. The exponential growth of mobile devices is significantly increasing the number of endpoints to manage. Rather than mandating privacy and security via policy and user-based enforcement, the focus should be on creating an environment of privacy by default.
Education efforts should continue, and employees need to be conscientious about their communications. Businesses, however, must ensure that employee information is safeguarded, while also providing employees the tools they need to be productive while protecting the company’s interests.
Silent Circle’s solution is a platform of hardware and software centered completely around privacy. By providing a phone and operating system designed with privacy in mind, and platform-agnostic software solutions that can be distributed to existing mobile devices on a large scale, we offer products that provide privacy by default, rather than cumbersome bolt-on security or checklists of things to avoid.
Instead of reminding people to encrypt their phone’s data, Blackphone does it for them by default. Rather than expecting people to remember to use Silent Phone, the app can automatically pop up to place a call any time they try to use the standard dialer, ensuring that communications are encrypted – with simple, easy-to-use software and without complicated workarounds.
When employees are better able to understand and manage their own privacy, it’s to everyone’s benefit. Simple, smart implementation makes that possible. That’s privacy deployed.
– TK Eppley, Chief of Staff
See more of the ongoing discussion about the value of privacy on The Guardian.