This article was published on August 3, 2018

13 things to consider before adopting end-to-end encryption



There is a lot to consider before making any technical change in your company’s operations, and adopting end-to-end encryption brings its own specific considerations. We asked members of the Young Entrepreneur Council what is most important.

Before adopting an end-to-end encryption (E2EE) system into a brand’s operations, what’s one factor that should be considered?

Their best answers are below:

1. Deploy strategically


E2EE is a challenging implementation process that can and will take time to engage across a company. It’s easier to do when a company is smaller, but you need to remember the most vulnerable part of a company is not the system but the resources: the people. You need to train your team so that they understand how to best utilize the system and preserve its integrity. – Nicole Munoz, Start Ranking Now

2. Understand restrictions

You should go into E2EE knowing that the guarantee of private messaging is only between the client and server. It does not enforce protection between two communicating parties. For example, Google Drive is an example of a non-E2EE system. There are already strides toward creating encrypted systems, so it might be best to wait for those before you go investing in one now. – Patrick Barnhill, Specialist ID, Inc.

3. Investigate thoroughly

Consider that there are many types of encryption that generally fall under the E2EE umbrella. Be sure to investigate to choose the one that best suits your needs. – Andrew Schrage, Money Crashers Personal Finance

4. Ensure legal protection

Even with the most involved and restrictive forms of encryption, the possibility of a breach is still present. The most important thing to me in these cases is ensuring that you are legally protected in the unlikely event of a security catastrophe. Failing to do so could sink your business. – Bryce Welker, Crush The LSAT

5. Monitor closely

There may be an important use case for being able to monitor employees’ communication. If your business is large and you have ever had issues with fraud, bullying, sexual misconduct, etc., then you need to be able to see what has been communicated so you understand what has occurred between your employees. – Baruch Labunski, Rank Secure

6. Choose a reputable E2EE provider

With data breaches and malware attacks like WannaCry occurring with increasing frequency, it’s vital for businesses to ensure every potential point of failure in cybersecurity is addressed. More and more, confidential data like client records and trade secrets are shared internally via messaging. Choosing a reputable E2EE provider is an effective way of keeping all data touchpoints secure. – Thomas Smale, FE International

7. Close the back doors

The main goal of E2EE is that only the sender and receiver can see the content of the message. Nobody in between who is monitoring the network or the servers, no hackers, no government, not even the company that facilitates the communication, should be able to see the message. Ensure no back doors are built into the system that bypass normal authentication or encryption employed to achieve E2EE. – Eng Tan, Simplr

8. Do your research 

Like all new developments in digital security, E2EE requires users to do their homework. E2EE and P2PE (another commonly used method of encryption) entail different costs and different responsibilities. We tell our clients to take digital security seriously, but to do so thoughtfully. Choose the system that meets your needs. – Beth Doane, Main & Rose

9. Ask the experts

Encryption is a delicate balance of trade-offs where one mistake can compromise the whole system. Consult experts in the security field before you start, so you don’t repeat the same mistakes as other companies. – Ron Justin, GroupGets LLC

10. Be vigilant

E2EE helps to ensure security during transit, but you shouldn’t be fooled into thinking that this gives you complete security. Research indicates that the most vulnerable point is when it’s stored on your device, drive or even on the cloud. So make sure you also take steps to guard data during the endpoint stage and train your employees in security measures. – Shawn Porat, Scorely

11. Train employees

Trust in your employees is vital before adopting E2EE practices. With E2EE you will not be able to monitor conversations, which could lead to a more relaxed atmosphere that makes your employees happier. But you will not be able to review evidence unless provided by one or more parties to bullying, sexual harassment or general misconduct. You need employees who don’t require babysitting! – Brandon Stapper, Nonstop Signs

12. Make a comprehensive cybersecurity strategy

With so many security threats, you need to understand that no single measure, including E2EE, is going to protect you from all dangers. Choose a system that’s a good match for your needs. Teach all of your employees to follow security protocols in all areas, including their own devices. Make sure you have a comprehensive security policy and that people in your organization are up to date on it. – Kalin Kassabov, ProTexting

13. Be reliable

The biggest factor to consider before rolling out an E2EE system is reliability. Who is providing the encryption and how? We’ve seen big firms lately become the targets of data hacks, such as Equinox. And it’s important to know who you’re trusting to handle encryption of your sensitive data. Additionally, if you’re relying on them for service updates then reliability becomes even more important. – Jürgen Himmelmann, The Global Work & Travel Co.
