BOARDROOM BEST PRACTICES

Diligent Messenger – Why Secure Messaging is Better than a Phone Call

UK boards of directors need secure communications. But too many directors are still using the phone or sending an email, and thus putting sensitive information at risk. 

Boards of directors need secure communications.

Board members must learn to avoid phones, both fixed-line and mobile, because they are not secure. There are no updated statistics on phone hacking in the UK, but the last estimate by Ofcom in 2013 showed that more than 40 per cent of British companies had been affected by phone hacking in one form or another, at a cost of £1.4 billion (US$1.88 billion).

In the UK, fixed-line phones and cell phones are still relatively easy to track, to bug and to tap. The online side of security has grown by leaps and bounds recently, with multifactor authentication, behavioural monitoring and identity-based management all helping to greatly improve data security. At present, the same cannot be said for phone-based contact in the UK, which still lags significantly behind its online counterpart.

A study by the London-based organisation Krowdthink shows that criminals can track a GPS signal in the same way that the police do when they are following someone. Criminals can also easily obtain equipment that enables cell phone calls to be tapped.

Mobile phones put directors’ communications at risk

“A smartphone is not just a phone. You don’t use it just for making calls and receiving text messages. It is a small computer that keeps you connected with your family, friends and the world at large through numerous online services. But it is also a device with a camera and a microphone that you have next to you at all times. Turning this hardware into a surveillance tool is much easier and [more] effective than you think,” warns telecommunications expert Dmitry Fedotov.

Fedotov explains that, to gain total control of someone’s phone, an attacker just needs a computer, a Linux OS and some hacking apps. It is all cheap and easy to obtain.

It only takes one infected mobile device on a corporate network to provide access to the entire network. The danger: compromised corporate information, followed by decreased productivity and increased malware infections, according to IT security experts at SolarWinds.

Discover how Diligent Messenger can help ensure that your board of directors is using the best practices behind secure communications to protect against any sort of data breach.

Fixed-line phones are also at risk

Fixed-line phones are not much better. To gain contact with someone on a fixed-line phone, a criminal has only to deal with some fairly rudimentary PBX codes, according to UK telecommunications security expert Tom Harwood of the consulting firm Aeriandi.

Criminals often work through contact centres, because they offer relatively easy targets for telephone fraud. As a result, telephone agents in the contact centre are becoming an increasingly attractive target for criminals looking to take advantage of poor phone security practices.

Pindrop Labs analysed more than half-a-billion calls to investigate the latest fraudulent call centre activity data from around the world. Pindrop’s 7th Annual Call Centre Fraud Report reveals that call centres are the nexus of fraud activity, with a 113% rise in fraudulent calls within the past year. Fraud rates in 2016 were one in 937 calls compared to one in 2,000 calls in 2015.

Telephone fraud also represents a low-risk, low-cost method for perpetrators that is easy to carry out from anywhere thanks to the growth of Voice over IP (VoIP) networks, which make it possible to make calls under any name from anywhere. A crook in Birmingham could use VoIP numbers in Singapore to make calls to London, and the caller’s identity would be well hidden.

Those who live in the UK are also at risk of government surveillance: it is possible for the local council to tap your phone for an offence as minor as fly-tipping, according to a report by the Interception of Communications Commission. Of the more than 1,000 phone taps issued every day by government authorities at various levels, a majority are in violation of the protection laws, the report says.

Directors should also avoid email

Email has come a long way since 1979. From a simple way of messaging, it has evolved into our online personalities and into how we sign up for things, collaborate, manage calendars and find information. SMTP, the internet protocol that manages sending mail from client to mail server and between mail servers, was designed for use in the very first network, where everyone was already known and trusted, writes a security expert. Passwords weren’t even encrypted. Adding the SSL/TLS security handshake into SMTP, as many mail providers have done, provides security only on the first stage of the email journey. A recipient mail server may not support SSL/TLS. This means that your email can be picked up and saved by a different server or “sniffed” and read on the network. The fact that email may just be going to the office next door doesn’t make it secure.

Diligent Messenger provides secure communications

Other communications software programs boast of having top-notch security with little to back up those claims. Diligent Messenger achieves rock-solid security by investing in the following security measures:

  • SSAE 16/ISAE 3402 (SOC 1 Type 2) service organisation annual audit of controls
  • Type 2 SOC 2 Security and Availability audit
  • HIPAA AT 101 audit
  • ISO 27001 certified since February 2014
  • Third-party vulnerability scanning and penetration testing
  • Diligent employee training in data security requirements

Security related to mobile devices is a large-scale concern in today’s corporate world. There’s no worry about security issues with cell phones and tablets with Diligent Messenger because it has a remote wiping capability. Diligent Messenger incorporated this technology so that if mobile devices get lost or stolen, all of the confidential and sensitive information can be wiped from a remote location, keeping board business safe and secure.

In addition, Diligent Messenger creates a formal process that makes it easy to identify and review communications in the event of a necessary legal discovery request.

Diligent Messenger prevents problems with accidental emails. Anyone can be guilty of making a Freudian slip, such as thinking about a person and then unwittingly sending them an email that was intended for another recipient. Such honest mistakes can cause major problems.

Haste makes for many mistakes as board directors unintentionally hit “reply all” or forward messages to unauthorised recipients. Diligent Messenger offers an email retrieval system that lets board directors retract accidentally sent emails. With Diligent Messenger, board directors gain assurance that every email sent is relevant, timely and accurate.
