Many senior staff would like to view internet security breaches as the result of either the intrusion of a James Bond super cyber-villain or of an inside job. According to Verizon’s 2013 data breach report, 92 per cent of breaches originate outside of a company and the majority of successful attacks rely on low-tech interception of information like passwords and usernames, rather than hi-tech circumvention of security programs. This type of hacking and social breach represents 87 per cent of all incidents, which means that companies need to be more concerned about encryption than the loyalty or proficiency of their staff.
The Role of GPG(OpenPGP) in Corporate Security
The importance of software like GPG (The GNU Privacy Guard) becomes apparent when you discover that most breaches are not even discovered for weeks or months after the event.
When sending sensitive information, such as client financial details, details of a business acquisitions or product developments you need to know that the information you’re sending is secure. Emails can be intercepted and laptops stolen, and virtually the only protection you have in such a situation comes in the form of encryption.
GPG is a free replacement for PGP (Pretty Good Privacy) that works across multiple systems and is designed to work interoperably with PGP. Both forms of security are based on asymmetric encryption using ‘security keys’, known as public key cryptography. These keys encode and decode your emails, so that only someone with their own private key can decrypt and read an email, even if it has been electronically intercepted or the hardware stolen.
The Advantages of GPG
As well as keeping email encrypted, GPG provides security signatures that prove the origins of an email. This means that staff are protected from phishing scams, one of the most common breaches.
GPG is compatible with the most common email clients, and has many Graphic User Interface (GUI, a point-and-click rather than code operation) front-ends, including an Outlook 2010 and 2013 plugin. As an open-source GNU program, it’s improving all the time and companies can be sure that there are no exploits or backdoors nestled in the code. It’s GUI means it’s usable ‘straight out of the box’, with no requirement for expensive staff training.
We all send an average of 5000 attachments a year individually, and with almost 80 per cent of employees accessing this data from personal devices like smartphones and tablets the security risk is high. As we become more mobile as workers it’s inevitable that we need a non-local, mobile security solution, a solution that travels with our email – encryption.