There is a lot to consider before making any technical change in your company’s operations. And when adopting end-to-end encryption, there are some specific considerations to make to get it right. We asked members of the Young Entrepreneur Council what is most important.
Before adopting an end-to-end encryption (E2EE) system into a brand’s operations, what’s one factor that should be considered?
Their best answers are below:
1. Deploy strategically
E2EE is a challenging implementation process that can and will take time to engage across a company. It’s easier to do when a company is smaller but you need to remember the most vulnerable part of a company is not the system but the resources: the people. You need to train your team so that they understand how to best utilize the system and preserve its integrity. – Nicole Munoz, Start Ranking Now
2. Understand restrictions
You should go into E2EE knowing that the guarantee of private messaging is only between the client and server. It does not enforce protection between two communicating parties. For example, Google Drive is an example of a non-E2EE system. There are already strides toward creating encrypted systems, so it might be best to wait for those before you go investing in one now. – Patrick Barnhill, Specialist ID, Inc.
3. Investigate thoroughly
Consider that there are many types of encryption that generally fall under the E2EE umbrella. Be sure to investigate to choose the one that best suits your needs. – Andrew Schrage, Money Crashers Personal Finance
4. Ensure legal protection
Even with the most involved and restrictive forms of encryption, the possibility of a breach is still present. The most important thing to me in these cases is ensuring that you are legally protected in the unlikely event of a security catastrophe. Failing to do so could sink your business. – Bryce Welker, Crush The LSAT
5. Monitor closely
There may be an important use case for being able to monitor employees’ communication. If your business is large and you have ever had issues with fraud, bullying, sexual misconduct, etc., then you need to be able to see what has been communicated so you understand what has occurred between your employees. – Baruch Labunski, Rank Secure
6. Choose a reputable E2EE provider
With data breaches and malware attacks like Wannacry occurring with increasing frequency, it’s vital for businesses to ensure every potential point of failure in cybersecurity is addressed. More and more, confidential data like client records and trade secrets are shared internally via messaging. Choosing a reputable E2EE provider is an effective way of keeping all data touchpoints secure. – Thomas Smale, FE International
7. Close the back doors
The main goal of E2EE is that only the sender and receiver can see the content of the message. Nobody in between who is monitoring the network or the servers; no hackers, no government, not even the company that facilitates the communication should be able to see the message. Ensure no back doors are built into the system that bypass normal authentication or encryption employed to achieve E2EE. – Eng Tan, Simplr
8. Do your research
Like all new developments in digital security, E2EE requires users to do their homework. E2EE and P2PE (another commonly used method of encryption) entail different costs and different responsibilities. We tell our clients to take digital security seriously, but to do so thoughtfully. Choose the system that meets your needs. – Beth Doane, Main & Rose
9. Ask the experts
Encryption is a delicate balance of trade-offs where one mistake can compromise the whole system. Consult experts in the security field before you start, so you don’t repeat the same mistakes as other companies. – Ron Justin, GroupGets LLC
10. Be vigilant
E2EE helps to ensure security during transit but you shouldn’t be fooled into thinking that this gives you complete security. Research indicates that the most vulnerable point is when it’s stored on your device, drive or even on the cloud. So make sure you also take steps to guard data during the endpoint stage and train your employees in security measures. – Shawn Porat, Scorely
11. Train employees
Trust in your employees is vital before adopting E2EE practices. With E2EE you will not be able to monitor conversations, which could lead to a more relaxed atmosphere that makes your employees happier. But, you will not be able to review evidence unless provided by one or more parties to bullying, sexual harassment or general misconduct. You need employees who don’t require babysitting! – Brandon Stapper, Nonstop Signs
12. Make a comprehensive cybersecurity strategy
With so many security threats, you need to understand that no single measure, including E2EE, is going to protect you from all dangers. Choose a system that’s a good match for your needs. Teach all of your employees to follow security protocols in all areas, including their own devices. Make sure you have a comprehensive security policy and that people in your organization are up to date on it. – Kalin Kassabov, ProTexting
13. Be reliable
The biggest factor to consider before rolling out an E2EE system is reliability. Who is providing the encryption and how? We’ve seen big firms lately become the targets of data hacks, such as Equinox. And it’s important to know who you’re trusting to handle encryption of your sensitive data. Additionally, if you’re relying on them for service updates then reliability becomes even more important. – Jürgen Himmelmann, The Global Work & Travel Co.
This post is part of our contributor series. The views expressed are the author's own and not necessarily shared by TNW.