In the network security industry, we see firsthand how encryption prevents a wide range of security breaches, protects corporate networks and safeguards sensitive, personal information and communications. As hackers are constantly on the prowl for new methods and attack vectors, and even governments are now monitoring networks, encrypting data has never been more necessary. Despite this increasingly apparent fact, many organizations have been slow to adopt encryption in all of their network communication mediums. The newly released Encrypt the Web report by the Electronic Frontier Foundation (EFF) illustrates that even large, well-known enterprises are susceptible to lapses in properly securing network communications.
Only four out of eighteen enterprises surveyed by the EFF received perfect scores in all five of its encryption best practices categories, which shows that there is still significant progress that needs to be made in securing network communications. A range of other organizations, including such prominent names as Yahoo!, Facebook and Twitter, recognize that securing their data is important, and they are currently planning to encrypt communications between their data centers over the next year, to make sure that sensitive information, such as personal and financial data, is safe at all times. Other businesses should follow their lead.
“They understand their customers want privacy and security, and are willing to deploy additional measures to ensure crypto is in place against a wide variety of attack vectors,” according to Kurt Opsahl, a senior staff attorney with the EFF. “This helps their customers feel more secure about their data.”
Beyond implementing protocols such as HTTPS and STARTTLS to secure communications over the web, as the EFF’s report recommends, enterprises must secure remote access to their networks on all fronts, including utilizing VPNs to safeguard connections to corporate networks. These robust technologies create a highly secure encrypted tunnel that gives employees access to a network without the possibility of information being intercepted. Cutting-edge VPNs go a step further, in fact, by supporting emerging encryption standards, such as Elliptic Curve Cryptography (ECC).
Enterprises need to fully embrace encryption now. By embedding it in an organization’s culture and within every information transmission medium, a wide range of attacks can be prevented. The EFF hopes that their report will nudge more enterprises to comprehensively implement encryption, and we hope so, too.