End-to-end encryption is an essential technology that can keep sensitive data secure when it is being transmitted digitally. Without proper encryption, important information — including your financial records, acquisition plans or worse, your customers’ credit card data — can easily fall into the wrong hands, with devastating results.
To gain some insight on the topic, I asked a panel of experts from YEC the following question:
What is one thing to keep in mind when working with E2EE systems?
Here is what they advise:
1. Choose a Reputable Provider
“The last thing you need is malware attacks and data breaches infiltrating your system. You need to ensure that every potential area of failure in your cybersecurity is addressed so that your business isn’t at risk of these attacks. To prevent this, choose a reputable E2EE provider that can guarantee your data is safe and secure.” – Thomas Griffin, OptinMonster
2. Protect Your Conversations
“When working with E2EE systems for messaging, it’s important to remember that E2EE won’t save you if your phone is stolen or your content is able to be accessed. That’s why it’s important to still set your messages to expire. Setting an expiry timer will ensure that your older messages and sensitive conversations will be deleted and disappear.” – John Turner, SeedProd LLC
3. Guard Your Keys
“Make sure your keys are properly guarded to protect from hacks and unwanted activity. Some companies have thousands upon thousands of keys but don’t understand their function or how they help their business. It’s essential to lay out this information beforehand, so you never have to worry about your information is secure.” – Chris Christoff, MonsterInsights
4. Choose What to Encrypt
“When you’re using an E2EE system you have to decide which data you want to encrypt. If you try to encrypt everything you could dramatically slow down the transfer of data on your website. Prioritize the information that contains sensitive information and encrypt that data first.” – Syed Balkhi, WPBeginner
5. Include IT in a Larger Security Strategy
“E2EE is just the first step in ensuring security, but its implementation must be backed by giving requisite security training to the workforce and educate them about the dangers of malware and phishing attacks. The loss of the private key can expose the data to malicious sources. E2EE does not cover the hardware, and loss of devices such as laptops or mobile phones could endanger your data security.” – Rahul Varshneya, ResumeSeed
6. Train Your Employees
E2EE doesn’t provide complete security so it’s important to train your employees on security measures in order to keep data that’s stored on their devices or in the cloud safe. You’ll only be able to reduce security risks if your entire team is involved. – Stephanie Wells, Formidable Forms
7. Consider the Loss in Memory Performance
“End-to-end encryption is extremely valuable and is a pivotal part of keeping the internet secure. However, when you’re working with an E2EE system, you have to take into consideration that there is a significant loss in memory performance. Due to this loss, things could take longer to send and test, which could cost your company time and hassle that you didn’t anticipate.” – Blair Williams, MemberPress
8. Find the Right E2EE System
“Some E2EE systems let you choose which data (not necessarily all) needs encrypting, while others might not. Make sure you know the difference and match whichever system fits your business needs the best.” – Andrew Schrage, Money Crashers Personal Finance
9. Remember E2EE Is Not Absolute
“Encrypted communication apps have become increasingly popular. They tout disappearing messages and identity confirmation as security features. However, there still remain several avenues a hacker can pursue in order to obtain sensitive user data. Using E2EE is a good practice as long as users understand it’s not providing absolute protection, particularly when the data is at rest versus in transit.” – Susan Rebner, Cyleron, Inc.
Published July 12, 2019 — 09:00 UTC