Skip to main content
banner image
venafi logo

Data Encryption Strategies for Remote Employees [Encryption Digest 48]

Data Encryption Strategies for Remote Employees [Encryption Digest 48]

data-encryption-remote-organizations
September 24, 2020 | Alexa Hernandez

More businesses have made the switch to remote work now than even considered it before COVID-19. And all polls indicate that the majority of non-essential workers will prefer to continue working from home even after the pandemic passes. While this offers plenty of advantages, such as better work-life balance and a wider pool of talent for companies to hire from, there are some inherent data security risks to a fully virtual workspace. Two particular aspects of remote working security made the encryption headlines this week. Will your online organization benefit from some extra attention to confirm your connections to your co-workers and devices are entirely protected?
 


End-to-End Video Encryption Is Just the Beginning

Video conferencing has become a part of everyday life for remote employees, which is why understanding the full scope of how to protect these interactions is vital to your company’s security. To this end, Lifesize CTO Bobby Beck explains that end-to-end encryption alone may not be enough to protect video calls. A lot depends on how you implement that encryption.  

“In order to secure a video call, something in the middle has to be encrypted,” he told UC Today. This is why Lifesize has introduced the concept of a visual indicator within video conferences that will confirm the “middle” of the communication was not intercepted by any bad actors. This approach is more useful because the question is never whether something is encrypted, but who it was encrypted by. Authenticating the encryption is just as important as the level of encryption.

Zoom has recognized the need for enhanced security around video conferencing as well, introducing two-factor authentication to the platform “to protect their users and prevent security breaches”. During the pandemic, Zoom has also extended end-to-end encryption benefits to free accounts.
 

Related Posts:

 

Bluetooth Vulnerability Leaves Encryption Keys Open to Attack

Millions of laptop, tablet and smartphone users may be open to attack due to a vulnerability discovered in “dual-mode” Bluetooth devices that support Cross-Transport Key Derivation (CTKD) for pairing. 

According to the Carnegie Mellon CERT Coordination Center, it is possible for the Long Term Keys/Link Keys (LTK/LK) that are generated when two devices are paired to be overwritten. “An attacker can alter the CTKD code to overwrite Bluetooth authentication keys on a device. In some instances, the authentication keys can be completely overwritten, while in others, keys can be altered to weaken encryption”.

The full extent of the “BLURtooth vulnerability” is still being determined, but it is best to share this information with your organization to ensure that no vulnerable devices are paired with company devices that contain sensitive information. Bluetooth 4.1 and Bluetooth 5.0 are currently considered the highest risk, while Bluetooth 5.1 is already being strengthened against these attacks.
 

Final Thoughts

The Bluetooth vulnerability highlights why it’s critical that organizations take control of machine identities like keys and certificates. To keep your business safe, you need to know how many machine identities you have, where they are located and who’s using them. Incorporating these additional layers of security will prove useful, as organizations do face a certain loss of control when it comes to their employees’ habits outside the typical office.
 

Related posts

 

Like this blog? We think you will love this.
solarwinds-lawsuit-cios-cisos-concerned-unprotected-code-signing
Featured Blog

CIOs in Hot Seat: SolarWinds Sued by Investors for Supply Chain Attack

SolarWinds lawsuit claims company officia

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Alexa Hernandez
Alexa Hernandez

Alexa is the Web Marketing Specialist at Venafi.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more