Dis-Chem As Case Study: How Secure Are Your Email, WAN and Chat Solutions?

The recent cyberattack on retail giant Dis-Chem, which came barely two months after a similar attack on credit union TransUnion, has once again put the spotlight on the critical importance of data security.

In Dis-Chem’s case, customer data was managed by a third-party service provider, and the attack exposed the names, email addresses and cell phone numbers of more than three and a half million customers.

So far, Dis-Chem says there is no evidence that this information has been misused, but there is, of course, no guarantee that it will not be.

As a precaution, the company gives its customers the following advice:

  • Do not click on suspicious links you receive in emails.
  • Do not share passwords or personal identification numbers via email, text message or social media.
  • Change your passwords.
  • Run regular antivirus and malware scans and make sure software is up to date.
  • Only share personal information when there is a legitimate reason to do so.

This is good advice for anyone with any kind of online presence, but it’s a stark reminder of how vulnerable our sensitive data is and that – despite POPI and GDPR regulations – we can’t rely on it being protected by anyone other than ourselves.

Of course, the Dis-Chem attack is just the latest in a disturbingly long line of global incidents, and companies are wondering what more they can do to protect their own data – and that of their customers.

Encryption is one of the most effective ways to protect your data. In this method, information is converted into a secret code that hides its true meaning.

It may surprise you to learn that this method was used long before the digital age. In fact, encryption practices can be traced back to 1900 BC, when Egyptian scribes used non-standard hieroglyphics to hide the meaning of an inscription.

In 700 BC, the Spartans wrote confidential messages on strips of leather that they wrapped around sticks. When the strip was unwound, the characters became meaningless, but with a stick of the same diameter, the recipient could recover (decipher) the message.

Later, the Romans used what is known as the Caesar shift cipher, a monoalphabetic cipher in which each letter is shifted by a specific number.

The science of encrypting and decrypting information is called cryptography, and until recent times it was used almost exclusively by governments and large corporations. It was not until the late 1970s, when the Diffie-Hellman key exchange and the RSA algorithm were first published and the first personal computers were introduced, that encryption found wider application.

In 1976, Whitfield Diffie and Martin Hellman’s paper “New Directions in Cryptography” solved one of the fundamental problems of cryptography: the secure distribution of encryption keys to those who need them. This breakthrough was shortly followed by RSA, an implementation of public-key cryptography using asymmetric algorithms that ushered in a new era of encryption.

By the mid-1990s, both public-key and private-key encryption algorithms were routinely used in web browsers and servers to protect sensitive data.

So how does encryption actually work?

To be effective, a cipher contains a variable as part of the algorithm. This variable is called a key and makes the output of a cipher unique. When an encrypted message is intercepted by an unauthorized person, the intruder must guess which cipher the sender used to encrypt the message and which keys were used as variables. The time required and the difficulty of guessing this information is what makes encryption such a valuable security tool.

Today, encryption is used to protect data stored on computers and storage devices, as well as to protect data in transit over networks.

The three areas most vulnerable to security breaches are undoubtedly email, our server network, and chats like WhatsApp.

Email

Dr. Catherine J. Ullman, senior information security analyst at the University of Buffalo in New York, says, “Although you need credentials to log in and access the email in your inbox, by default email is sent in clear text from server to server and can be read by anyone in transit.”

That’s worrisome enough, but there are other areas of concern. When you send an email, you don’t know how many networks or servers the message will pass through on its way to the recipient, or who will have access to it along the way. In addition, emails that are on your device may be accessible to third parties – and don’t forget the common mistake of sending a message to the wrong recipient!

Networks

How secure is your company? You only need to read the news to know that our networks are under constant attack. How can we secure our traffic at the network level? Can we make our network invisible? These are common, but critical questions that every company needs to answer.

According to a Verizon report on ransomware, social engineering and phishing, small and medium-sized businesses (SMBs) are a major target for cyberattacks. In fact, 43% of all data breaches occur in small businesses.

The reason is clear:

SMBs are lucrative and interesting targets because they either don’t care as much about information security or simply don’t have the budget to adequately protect themselves.

One of the best ways to protect your enterprise network is through end-to-end encryption (E2EE). This is a communication system where only the communicating users can read the messages. It is designed to prevent data from being read or secretly modified by anyone other than the actual sender and recipient.

In principle, it prevents potential eavesdroppers – including telecom providers, Internet service providers, and even the provider of the communications service – from accessing the cryptographic keys needed to decrypt the conversation.

Chat

Let’s face it, we’ve all shared personal or business information in “unsecured” messaging platforms like WhatsApp or Facebook Messenger. The problem is that the communication takes place on the device it was sent on, so a vulnerability can be exploited right on the device.

So what can we do about it? The answer is encrypted chats.

An encrypted chat cannot be read or manipulated by anyone except the person on the other end. That is, no one can know who you are, where you are, how you are connected to the network, or what you are saying.

So how can we make our digital information and communications more secure? Here are some suggestions from MWare, the automated business solutions specialist:

Email

To protect personal and business email, an automated encryption solution like SecureEMAIL with end-to-end encrypted email offers the following benefits:

  • Reduced risk of unauthorized access to confidential email communications.
  • You are in possession of your own data – only the sender and the recipient have the keys to decrypt the email and attachments.
  • Secure communication with third parties – even when using public or free email providers.
  • Seamless integration – encrypt with just one click.

Network

Protect your wide area network (WAN) from external threats with a WAN encryption solution like StealthWAN. It also encrypts all communications between your headquarters, branch offices and Internet-of-Things (IoT) devices.

The benefits of this type of encryption include:

  • Reduced costs – using the Internet as a secure transport layer significantly reduces the cost of existing network infrastructure.
  • Improved uptime – seamless network failover between different connectivity media.
  • Seamless provisioning that can be automated through provisioning capabilities.

Chat

For secure, real-time social media communications, solutions like SecuriCHAT ensure that all conversations are secured through local hosting and data sovereignty.

Benefits include:

  • Full logging functionality of activities in the system.
  • Privileged audit capabilities to review the content of messages and attachments.
  • User data is sent securely across the platform.

The data and devices that make up your business are constantly changing. You may have changed your tactics to protect yourself, but never forget that cybercriminals have also changed their methods. They are constantly improving, evolving and adapting. They are always ready for an opportunity to break into your business and steal your data.

It’s important to constantly monitor your cyber defenses.

If you are concerned about protecting your data from hackers, identity thieves and foreign governments, you can call MWare on 082 824 7068 or visit www.mware.co.za.

