Protect Privacy and Protect your Brand

Security of data has long been an issue for organisations around the world. Pundits say it’s not a matter of IF but WHEN any given company will suffer a data breach or attack. As catastrophic as it may be at the time, businesses do survive data breaches, despite the damning headlines and the punitive fines.  Notable examples are British Airways and Marriott Hotels.  British Airways was fined £20m by the ICO for a data breach that took place in 2018, and in the last couple of weeks BA has announced that they have now settled compensation claims: https://www.bbc.co.uk/news/technology-57734946

Similarly, Marriott Hotels was fined £18.4m for a breach that involved over 500m data files.

While both brands are in the travel industry, which is suffering due to the pandemic, neither saw a notable downturn in consumer sentiment toward them as a result of the breaches. Both have apologised to customers and put measures in place to mitigate further risks.

The Embarrassment Factor

What really kills a business is when something is leaked that is toe-curlingly embarrassing.  Something that cuts to the core of brand values, or shows an organisation as dishonest or as not respecting its customers or the general public.  Depending on your age, the famous Ratner moment may spring to mind.  This is when Gerald Ratner claimed that the Ratners high street chain of jewellery stores sold ‘crap’. Previously loyal customers felt under-valued and taken for fools.  They deserted the brand in droves, and the business lost significant sales and had to completely rebrand.

PA Consulting lost major government contracts as a result of losing an unencrypted USB stick containing details of 84,000 prisoners. http://news.bbc.co.uk/1/hi/uk/7575989.stm

More recently, the Tory government, and Boris Johnson in particular, took a knocking when disgruntled ex-Spad (special advisor) Dominic Cummings decided to dish the dirt. He had the saved WhatsApp messages to prove his point.  (Ex-employees taking sensitive WhatsApp conversations with them is another demonstration of why consumer-grade apps should not be used in business – the organisation can’t control the data: https://www.theguardian.com/politics/2021/jul/19/dominic-cummings-tells-bbc-that-pm-denied-covid-would-overwhelm-nhs)

Protecting Privacy

Protecting your employees’ individual privacy, and the commercially sensitive and valuable information that they may keep on their mobile devices is a very good reason to use a secure comms app such as those offered by Armour.  Depending on your job, losing data can be inconvenient if it needs to be retrieved, costly if it is of a commercial nature and results in lost sales, extremely costly if it is intellectual property or trade secrets, or, if you are someone from the covert/intelligence services world, a journalist, aid worker or activist working in an unfriendly regime, it can be life threatening.

Protecting the privacy of your customers or citizens is equally important, particularly, as we have just discussed, to protect the brand value and public image of your organisation. Quite apart from the requirements of GDPR, protecting personally identifiable data is a worthy goal in its own right, as the distress and inconvenience its loss could cause an individual is immeasurable.

How a Secure Comms App can help

Providing an app like Armour® Mobile, or SigNet by Armour®, for your employees to use for business conversations, be they voice, video, conference or messaging, or sharing sensitive documents, helps employees to become more security aware. The apps have great usability (something our UX designers have worked hard on), so there is no learning curve to get people to use them, ensuring swift adoption by the user community. The organisation is in full control of its data, and when an employee leaves, their account can be deleted, along with all of the data held in their account.

Using an enterprise-grade secure comms app sets the tone, and leads by example, so that employees understand that data security and data privacy is something that needs to be taken very seriously. It protects your staff, protects their privacy, the privacy of your customers, and ultimately may save your brand from an embarrassing ‘disgruntled ex-employee dishes the dirt’ moment.

For more information about how Armour Comms can help your organisation to keep control of your data and protect privacy, contact us today or view our latest podcast below.

Our Latest Podcast – Privacy V Security: https://youtu.be/IeeBvl2XJAc

Reflections from DSEI – Secure Comms are gaining ground

Back from DSEI, and time for reflection on our first face-to-face, real-world event in nearly two years. A lot has changed, and not just pandemic-related working patterns.  Since we were last at DSEI there has been a sea change in perception about the necessity for secure communications.  There is a growing understanding of why people need controlled, secure apps for business/work/official comms and why consumer-grade apps, like WhatsApp (and others), are simply not suitable.  This article in the New York Post is the latest in a string of news stories on why WhatsApp is not as private and secure as Facebook would have us believe: https://nypost.com/2021/09/07/facebook-reads-and-shares-whatsapp-private-messages-report/

As the world reopens for business it needs trusted communications across untrusted networks

Talking to a wide range of people at DSEI has confirmed what we believed to be the case from many conversations we’ve had in recent months.  While working from home people have been using tools like Teams and Zoom, which they are now used to. Organisations know that such tools are not really secure enough, but they’ve mitigated a lot of the risk with processes and additional technology, because while people are working from home, the network is a known entity, even if not totally trusted.

However, as the world starts to open up once more, people are moving to hybrid and remote working, which means a return to airport lounges, coffee shops, shared offices, and anywhere that there is a WiFi connection.  Working from a myriad of different locations also means a return to dynamic untrusted and unknown networks in a landscape where threats have evolved and perpetrators are two years more savvy.

Unlike the start of the pandemic, where lockdown was sudden and IT departments scrambled to keep staff productive by any means possible, the return to more normal working can be planned, which means ensuring people have the appropriate tools for the job.  This includes a professional, enterprise-suitable, secure comms solution.

Armour Comms has the answer

Working with our strategic partners at Qinetiq, Amiosec, Bittium and Samsung, Armour Comms is able to provide a broad range of solutions suitable for many different use cases including those with higher assurance requirements.

One of our customers is currently deploying Armour Mobile across several operational and office areas to replace the use of consumer grade apps.  Our NATO approved solution now includes unique Secure Push technology from Bittium, allowing secure and battery efficient signalling of Armour Mobile calls and messages via classified networks without requiring connectivity to the public internet. This ensures that voice and video conversations, and the associated files and attachments stay completely private, no matter how hostile the environment, all the while providing a user experience to match consumer-grade apps.

On show for the first time was Unity by Armour, which works in conjunction with Armour Mobile to provide secure video conferencing calls (pre-defined or on-the-fly), screen sharing and integration with secure chat groups. The extension to our offerings enabling secure collaboration was extremely well received highlighting the growing requirement for enterprise secure video conferencing. In addition to our existing one-to-one secure audio and video calling Unity by Armour provides picture in picture and multiple screens, and offers a familiar video conferencing interface, making it easy and intuitive to use. Available with a choice of hosting options, which includes on-premises installation, communities are controlled by invitation-only, increasing security and guarding against ‘zoom-bombing’.

For more information about the importance of Secure Conferencing view our podcast on the topic here: https://youtu.be/Mrj9iaPedSI

Secure-by-default communications to power productive collaboration

The importance of a good user experience can’t be overstated. If secure solutions are difficult to use, clunky and irksome, people will simply resort to other less secure methods, often via unmanaged and insecure ‘shadow IT’.  A secure comms app needs to be easy enough to use for everyday business communications, allowing users to be productive and collaborate without friction. People don’t want to differentiate between what should be a ‘secure call’ and a conversation that can be had over ‘normal’ channels, and nor should they have to.  Armour Comms solves the conundrum of a secure-by-default comms application that is still easy to use and quick to deploy at scale.

Contact us today for a trial 

GDPR and Mobile Comms

How compliant is your organisation?

GDPR may have slipped from the headlines, and now be seen simply as ‘job done’ in many organisations. However, with the widespread adoption of remote working due to the pandemic, some aspects of data security may have slipped as people revert to less than optimal practices. It is worth remembering that the penalties for infringement can be costly, with a maximum fine of €20m or 4% of annual global turnover, whichever is the greater.

Data Privacy is a worthy goal

GDPR legislation should not be viewed merely as a compliance requirement. There is very real value in protecting privacy given that personal data is so highly sought after by criminals, and its loss can be devastating for the individual concerned. Protecting personal data is a worthy goal in its own right. If people in your organisation are using consumer-grade apps for business communications then you may be contravening GDPR regulations.

As an example, as we cover in our blog Replacing WhatsApp for Business?, WhatsApp should not be used for business communications – it expressly says so in its Ts & Cs. Apart from this, you should keep in mind these points when assessing what data might be shared using an app that your organisation does not control:

  • What type of data is being shared using mobile apps? Is it personally identifiable, like HR or payroll data?
  • Has consent been given for the data to be shared, such as business contacts whose details are then distributed via mobile phone apps?
  • Can you control where the data might end up? Can you stop it being forwarded to an unauthorised user or location? Do you know where the servers are located that will store the data?
  • Can you control who might see the data?
  • Can the data be deleted once it is no longer required?

If you are unsure about any of these points, then it is worth taking a closer look at the apps in use in your organisation, and safe-guarding your business by moving to an Enterprise-grade secure communications app.

Enterprise-grade alternatives from Armour Comms

Armour Comms provides a range of solutions, and the knowledge and experience to curate a suitable service to meet exact requirements. Armour Comms solutions are specifically designed to provide enterprise-ready capabilities, including gateways into existing unified communications systems, for professional customers including governments, financial and legal businesses, defence organisations and high net worth individuals.

Armour Mobile – available for iOS, Android and Windows Desktop, hosted on the Armour Secure Cloud, or as an on-premises solution. Based on NCSC and NATO approved MIKEY-SAKKE protocols, the Armour Mobile app is downloadable from app stores, and benefits from both central administration and quick-and-easy provisioning of new users.

Armour Recall – is now available as an additional module for Armour Mobile users for on-premises deployments and provides secure, centralised audit of all text, audio and message attachments. While designed for organisations in regulated industries such as financial services, legal, pharmaceutical and medical, Recall audit capabilities can be useful for many other security conscious organisations that need to be able to prove who said what, to whom, and when.

SigNet by Armour – an alternative to Armour Mobile for specific use case requirements, using AES 256-bit encryption technology. Available as a hosted or an on-premises solution, SigNet too is downloadable from the app stores, centrally administered, and quick and easy to provision new users.

All Armour products are designed with the end user in mind, to deliver a highly usable experience that surpasses free-to-use apps, with enterprise features and security baked in.

For more information on how Armour Comms can help your organisation to secure personal and sensitive data held on business mobile devices, contact us today.

 

Armour Comms has published a podcast explaining GDPR and its impact on Mobile Communications which you can view here:

https://youtu.be/kI7qyzXR0-U

Elements of User Experience

 

In a world where there’s an app for just about everything, how can enterprise systems, designed for a serious business purpose engage in the same way as their consumer-grade cousins?

Business apps now need to do what they say they will and in doing so, they must delight the user. Ideally, security products should be so easy and intuitive that users have no reason to use anything else – so avoiding workarounds, a key tenet of good cybersecurity.

When designing new products, the User Experience is key. What do we mean by user experience and why is it so important? Daniel Hermoso, Product Designer at Armour Comms explains.

What is User Experience?

User Experience, or UX for short, encompasses all aspects of the end-user’s interaction with a company, its services and its products. This is a more holistic way of looking at user interactions than simply through the user interface (UI). Whether by design or by default, every product or service we interact with delivers an experience to our users and end customers.

Why does it matter?

Many of us have mixed feelings about the products and services we use every day. They can either empower us to do our jobs better or leave us frustrated when they fail to meet our needs or requirements. In short, they have the ability to complicate or simplify our lives.

As alluded to above, a good UX is particularly important for security products, like the ones we develop at Armour. Not only must they do a better job in terms of data security than consumer apps, but they must match in terms of usability too.

So what makes a good user experience?

Aarron Walter, in his book Designing for Emotion, describes a hierarchy of user needs that closely mirrors Maslow’s hierarchy. In it he outlines that in order to achieve superior needs such as delight or pleasure, more foundational needs such as functionality and usability must be met first.

 

When people think about well designed products, usually they think about the aesthetics (such as the user interface). Is the product pleasing to look at or does it feel good to the touch? Yet designing products with user experience in mind means looking much deeper, beyond the aesthetics, at the hierarchy of user needs.

Functional

It starts with function, the need to solve a problem. A beautiful product that fails to meet basic user needs is not viable. Sometimes this is forgotten and can cause issues as product teams invest a lot of time and effort building something nobody wants to use.

Reliable

Second, the product must be reliable. Can we count on it to deliver the actions or service that our users are expecting? Does it consistently perform well? This is important because it builds trust with customers and improves user engagement.

Usable

Usability is key because it assesses how easy products are to use. It aims to remove all barriers that prevent efficient human-computer interactions. The product and services need to be easy to learn, easy to use and easy to remember.

Pleasurable

In a highly competitive market, it’s no longer enough to design products that simply meet the basic utility needs. It’s critical to design a purposeful and memorable experience that people will enjoy.

Having recently watched the Great British Bake Off, I like to think of the user experience in the same way that the bakes are judged. You can always tell which bakes failed during the process solely from having a look at them. However, to truly distinguish the best from the rest you have to understand the process: what ingredients were used and every step it took to achieve the outcome. Only by tasting the bake can the judges distinguish the true masterpiece.

In much the same way, only by applying UX principles to product design, where a foundation of function, reliability, and usability are achieved, can we expect to deliver a truly delightful experience to the user. As they say, the proof of the pudding is in the eating!

Armour Comms has published a podcast explaining the Elements of User Experience which you can view here:

NCSC – 7 Principles for Secure Communications explained

NCSC 7 Principles for Secure Communications

There are seven principles defined by NCSC, and they are:

  1. Protect Data in transit
  2. Protect network nodes with access to sensitive data
  3. Protect user access to the service
  4. Ensure secure audit of communications is provided
  5. Allow administrators to securely manage users and systems
  6. Use metadata only for its necessary purpose
  7. Assess supply chain for trust and resilience

Principles 1-4, Part 1: Click Here

Principles 5-7, Part 2: Click Here

AES-128 and AES-256 encryption v Quantum Computing

How safe is your data?

A few years ago we posted a blog – AES-128 v AES-256 encryption – What’s the difference?

To date, it has been our most popular page.

In answer to the question “What’s the difference”, we stated – Practically nothing!

That is because 128 bit encryption is pretty strong, and being a magnitude stronger may not make you that much more secure, given that it is rarely the encryption that is the weakest link and therefore rarely the part that gets attacked.

Since we wrote the blog, quantum computing has come closer and is now a real possibility within the next few years. For this reason, we thought it was worthwhile revisiting our blog to see if this made any practical difference between 128- and 256-bit encryption.

Our CTO and co-founder Dr. Andy Lilly explains the differences in this short podcast.

Available on:

YOUTUBE: https://youtu.be/Z463jy64fwo