The Holy Trinity of Cybersecurity

In the cybersecurity world, one of the biggest challenges is technology adoption. The degree of adoption is directly proportional to the ease of use and the amount of required business functionality a product offers. This is why some highly secure products have failed: either they lack the functionality or they are too clunky to use.

We, at DropSecure, believe that to create a useful SaaS product, the product team needs to strike the right balance among three main elements – Security, Functionality and Usability. In most cases, there is a trade-off among these three elements.

In the last decade, products have often been developed to provide a set of functionalities first; the functionalities are then optimised for ease of use, and finally a security layer is applied like sprinkles on a cake!

‘Now the product is created, let’s secure it!’ This old-school approach has been disastrous for many players in the file share and cloud storage industry.

Some of the big players from past decades are struggling to offer adequate security in their product offerings, mainly because security has always been an afterthought in their product design approach. They are now finding it extremely difficult to secure the whole bouquet of features (arguably many of them completely unnecessary). No wonder their security gets breached so often.

In fact, many of them are now forced to partner with other security solutions, but many security experts believe that this is more of a patchwork and that such combinations fail to provide comprehensive security protection. In contrast, DropSecure was conceived with these three elements right in the centre of the development process. Therefore, in our case, security is not an afterthought – it is the product!

It’s important to understand the holy triad of product development.

A triangle can be used to help explain the relationship between the concepts of security, functionality and usability, because there is an interdependency between the three attributes. An increase or decrease in any one of the factors will have an impact on the other two.

Functionality

It can be defined as one or all of the operations that a software program is able to perform. It’s a known fact that increasing the number of functionalities in an application also increases the attack surface available to anyone looking for an exploitable weakness. Therefore, when an application has too many functionalities, the level of security should always be questioned.

Usability

It can be defined as the degree to which something is able or fit to be used. The trade-off between security and usability is a common challenge in the real world, and often causes friction between users and those responsible for maintaining security, especially when security is an afterthought. Clunky products are often the outcome of such trade-offs.

Security

It can be defined as all the measures that are taken to protect a system, application or device, as well as to ensure that only people with permission are able to access it.

A study of users from IT companies and banks found that while users claimed to be motivated and knowledgeable about security, many did not take action individually. They considered security measures to be impediments to work. Also, requirements of expected security behaviour and awareness campaigns had little effect on user behaviour.

But weakening security to improve functionality and usability will leave any system vulnerable to attack, so there needs to be a way to maintain usability and functionality without compromising security.

The DropSecure Approach

From conception, we knew that to be truly effective, security needs to be built in from the ground up. Therefore, DropSecure is built with a Secure by Default philosophy. Secure by Default is about taking a holistic approach to solving security problems at the root cause rather than treating the symptoms. DropSecure is powered by Zero Knowledge Encryption – this technology makes every single interaction secure by default. You can read more about The Power of Zero Knowledge Encryption here.

At DropSecure, we believe that a user should never have to compromise on security or ease of use. A collaborative tool must deliver on both of these promises. Our awards, industry recognitions, and customer reviews are testimony to the fact that DropSecure is designed with customer needs at the centre of everything.

In terms of functionality, we accept that we may not have every collaboration feature that some of the cloud service providers offer, but for us the choice was clear – security over bells and whistles. We are glad to see that many organizations have prioritized security over elaborate features. That’s precisely the reason why they are embracing DropSecure and giving us the highest ratings possible.

If you haven’t already, take our free trial today and experience DropSecure’s combination of security, functionality and ease of use!

The Power of Zero-Knowledge Encryption

The term “Zero-Knowledge Encryption” is increasingly becoming synonymous with a complete insurance on your data privacy.

Zero-Knowledge Encryption means that no one except you (not even the service provider) can access your secured data. 

This is a crucial point – even with totally encrypted files, if the server has access to the keys, a centralised hacker attack can cause an unrecoverable data breach. Other service providers who only rely on in-transit and at-rest encryption are making files and passwords vulnerable to potential data breaches due to server-side decryption processes.

However, in the case of DropSecure, there is no point in time when passwords, encryption keys or unencrypted files are visible to unauthorized users – even to DropSecure servers.

Most cloud collaboration providers sacrifice security for collaboration features. In order to provide elaborate features, they have to decrypt your documents on the servers and read them. It’s literally like your postman reading all your letters before delivering them! In contrast, zero-knowledge solutions like DropSecure know nothing about the content and it’s virtually impossible for anyone to access them apart from you.

With DropSecure’s zero-knowledge encryption, your data will not be compromised even if our super secure databases ever get breached. Attackers won’t be able to read any encrypted data — or get their hands on your password for decryption. After all, even we don’t have it!

Zero-knowledge encryption also protects your stored data on DropSecure. When we back up your data on our servers, it’s already encrypted. There is absolutely no way for us or any potential intruder to know what you’re storing in DropSecure folders.

Before concluding, let’s round up the pros and cons of Zero-Knowledge Encryption.

Advantages:

  • Total control over your files: your files will not only be encrypted, but also stored in a flexible and super secure cloud. Therefore, you can access them from any device at any time.
  • Data cannot be accessed by the service provider: If nobody can access your data, you don’t even need to trust your provider. It’s not about trust, it’s about maths.
  • Virtually unhackable: Even the harshest hacker attacks cannot compromise the privacy of your data. The only thing that they get is a load of gibberish!
  • Compliance: Because of the ‘Zero Knowledge Encryption’, such platforms are by default compliant with many industry regulations.

Disadvantage:

  • Password reset: because of the Zero Knowledge Encryption design, such services do not store your passwords. Therefore, if you forget your password, there is no way for the service provider to reset it. This is why at DropSecure, we recommend that enterprise users have two super admins on the account, so that if you forget your password, the other super admin can reset it.
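
The difference between server-side decryption and zero-knowledge storage described above, as an added example (not DropSecure's code or design): the client derives the key from the password and encrypts before upload, so the server record holds only salt, nonce, tag and ciphertext. The scrypt and AES-256-GCM choices, the function names and the `server` Map are assumptions made for illustration.

```javascript
// Added example: client-side ("zero-knowledge") encryption sketch with Node's built-in crypto.
// Assumptions: scrypt key derivation, AES-256-GCM, and a Map standing in for the server.
const crypto = require('node:crypto');

// Client side: derive a 256-bit key from the password. Password and key never leave the client.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Client side: encrypt before upload. Only salt, nonce, tag and ciphertext are sent.
function encryptForUpload(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, nonce, tag: cipher.getAuthTag(), ciphertext };
}

// Client side: decrypt after download. Returns null when the password is wrong,
// because the GCM tag check fails; the server holds nothing it could use to "reset" it.
function decryptAfterDownload(password, record) {
  const key = deriveKey(password, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.nonce);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Hypothetical server: stores whatever it receives and holds no key material.
const server = new Map();

function demo() {
  const secret = 'SSN 000-00-0000 (constructed sample data)';
  server.set('return.pdf', encryptForUpload('correct horse battery staple', secret));
  const stolen = server.get('return.pdf'); // everything a server-side breach would yield
  return {
    breachLeaksPlaintext: stolen.ciphertext.includes(Buffer.from(secret)),
    ownerReads: decryptAfterDownload('correct horse battery staple', stolen),
    wrongPassword: decryptAfterDownload('guess', stolen),
  };
}

console.log(demo());
```

A copy of the stored record still allows offline password guessing, so password strength and key-derivation cost carry the protection; the `null` returned for a wrong password is the same property that makes a provider-side password reset impossible.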

At DropSecure, we firmly believe that Zero-Knowledge Encryption is the safest way to store and share sensitive documents via the cloud. DropSecure is a leading Zero-Knowledge Encryption solution trusted by numerous companies and institutions across the world. If you haven’t tried it yet, take a free trial now and give this military-grade encryption a test drive today!

Cybersecurity – a key component to enhance brand equity

“Reputation, reputation, reputation! O! I have lost my reputation. I have lost the immortal part of myself and what remains is bestial.” – William Shakespeare, Othello

Positive brand equity is one of the most valuable assets an organization can possess. Cyber breaches have a direct and, in many cases, a colossal impact on brand equity. Customer trust in cybersecurity can be vital in some industries, such as banking, accounting, real estate, healthcare and HR.
However, not enough organizations are attempting to gain customer confidence by marketing their cybersecurity, and they are missing out on a massive opportunity. After all, cybersecurity can offer a crucial competitive advantage, especially when adequately advertised.

The past two decades have witnessed a sharp increase in cybersecurity attacks on businesses and internet advertising. In a recent survey by Proofpoint, about 2,400 out of 3,600 surveyed companies and organizations faced ransomware attacks in 2020, with 52% paying the attackers in order to restore data access. A report from IBM Security suggests that on average, breaches now cost organizations $3.86 million per attack. An excellent article from Toptal illustrates the cost of security breaches. These are measurable costs. What about the intangible costs to a brand caused by these data breaches?

Data breaches can have a staggering effect on brand equity, causing both direct and indirect costs such as a damaged reputation and weaker levels of customer trust.

Recent research suggests that organizations suffering cybersecurity breaches are associated with more canceled trademarks, fewer trademark registrations, and fewer trademark citations – all pointing to weakened brand capital.

A cyber breach can also have an effect on corporate stock prices, impacting not only the company, but the investors that help that company grow.

Comparitech analyzed 28 companies that had experienced data breaches to determine the impact on stock prices. Some of their key findings include:

  • Share prices of breached companies hit a low point approximately 14 market days following a breach. Share prices fall 7.27% on average, and underperform the NASDAQ by -4.18%.
  • Finance and payment companies saw the largest drop in share price performance following a breach.
  • Breaches that leak highly sensitive information like credit card and social security numbers see larger drops in share price performance on average than companies that leak less sensitive info.

We know that data breaches have a negative impact on brand equity. But do cybersecurity measures have a positive impact on the brand? It turns out, they certainly do:

“87% of the CEOs say they are investing in cybersecurity to build trust with their customers”

– PwC – 21st CEO survey

A cyber security report from Vodafone, Cyber Security: The Innovation Accelerator, highlights a strong link between how cyber security is used and successful business, with 86% of high-growth companies seeing information security as an enabler of new business opportunities, rather than simply a means of defence.

The research showed a number of perceived benefits that strong cyber security can bring to the relationship between an organisation and its customers:

  • 89% of businesses said that improving cyber security would enhance customer loyalty and trust, thus improving overall brand equity.
  • 90% said it would enhance their reputation in the market, potentially attracting new customers.
  • 89% said they felt better information security was a competitive differentiator that would help them win customers.

Cyber security is certainly an important component of brand equity. After all, brand equity reflects the trust customers have in the company. Hopefully, we will see more organizations first adopting and applying cybersecurity best practices across the organization and, second, using the cybersecurity promise in their marketing campaigns to enhance overall brand equity.

 

The importance of data security for CPAs and Tax Professionals

Fraudsters see these forms very differently than you and I.

Seemingly common and simple information like names, addresses, social security numbers, etc., become gateways for identity thieves to enter private lives of unsuspecting victims. The ensuing disruption, loss and stress can affect people and businesses in disproportionate ways.

Harris Poll research for the American Institute of CPAs (AICPA) revealed that “three in five Americans (60%) believe it is likely that identity theft will cause them a financial loss in the next year”.

Javelin goes so far as to say that “financial institutions’ methods to identify and respond to fraud are no match for criminals’ high-tech schemes to hijack consumer accounts. Fraud losses…in 2019 resulted in consumers facing $3.5 billion in out-of-pocket costs …as criminals shifted their focus from card fraud to opening and taking over accounts”.

Now, opening and taking over bank accounts requires a whole repertoire of personal information which is normally not easily available to thieves. Yet a single hack into a CPA’s database might hand them a jackpot! Every piece of information required to ‘open and take over bank accounts’ of hundreds of unsuspecting victims is presented to them on a platter. Stolen identities and information can be, and often are, used to commit a host of other crimes. Don’t let your business be that jackpot!

Most taxpayers now file returns online. Relevant paperwork and data are freely shared via personal emails, text messages and images via multiple platforms. While this digital transformation has greatly improved speed and efficiency for tax-payers, tax professionals and the IRS, it has inadvertently also opened up gaping chasms for data breaches.

Rule 1.700.001 of the AICPA Code of Professional Conduct (AICPA Code), Confidential Client Information Rule (the Rule), stipulates that public practitioners shall not disclose any confidential client information without the client’s specific consent. And where there is an unauthorised breach, the processes and procedures that were in place will be considered… and where applicable, criminal penalties may apply for negligence in safeguarding taxpayer’s information.

The consequences of a single unfortunate breach are much too grave to be ignored, not to mention the reputational risk that can shatter the hard-earned goodwill of a business. And reputational loss, especially for small and medium-sized businesses, is nearly impossible to repair!

Luckily, advances in technology now provide safe and easy solutions to avoid this risk in the form of data encryption, which is the process of encoding information by converting it into an alternative, unreadable form known as ciphertext.

DropSecure is one such platform that uses military-grade, multidimensional and dynamic encryption methods to safeguard data.

DropSecure uses randomly generated AES 256-bit symmetric keys for securing data transfer. This ensures that data shared between you and your client via DropSecure leaves devices fully encrypted and secured. A two-factor identification process is then used before a decryption key/OTP is issued to the intended recipient, and only then can the data be accessed. The File Vault Protection option can further safeguard any data saved by users on DropSecure servers by using ‘public key cryptography’.

What makes DropSecure different and better than other encryption platforms is that it requires no software installations and needs no passwords. What’s more, managers can set expiration dates, control and revoke access on files and folders, thereby ensuring that data is held only by the rightful owners and disposed of when the need is fulfilled. Zero Knowledge transfer further ensures that DropSecure themselves have absolutely no access to client information.

So really, no data is ever found in the wrong hands; and certainly, never lost.

With simple pricing solutions and FINRA, SEC and HIPAA compliance, DropSecure provides stress-free solutions for effectively safeguarding data while ensuring legal compliance.

DropSecure’s mission is to simplify your communication and sharing needs without knowing the contents of your data. To that extent, you can rest assured that your data is in your control.

Get secure with DropSecure cyber security’s 7-day free trial today.
