Nicole Allen, Salt Communications: “negligence around protecting your company will only be detrimental in the future”
Even though cases of data leaks and devastating attacks hit the news almost daily, certain companies still struggle with securing their communications.
There’s no denying that the pandemic disrupted the way many businesses operate. While some were quick to adapt, the chaos and uncertainty of this new environment led to many organizations using email, or even basic mobile apps to communicate critical information. Unfortunately, the increase in data breaches and other cybercrime show that insecure messaging systems proved to be attractive entry points for threat actors.
To discuss how organizations should approach communication security, we invited Nicole Allen, the Marketing Executive at Salt Communications – a company making sure that sensitive enterprise information remains confidential.
How did the idea of Salt come to life? What has the journey been like since your launch in 2013?
A selection of Salt Communications’ founders were living in California working for global enterprise solution providers and networking companies and could not help but notice the dramatic shift towards mobility after the introduction of the iPhone in 2007 and then Android in 2009. It was clear that the demise of the BlackBerry device and the rise in communication apps were changing the way professionals were using their work devices, with CEOs and senior executives demanding to use the new iPhones and Android devices for work. Salt saw that consumer messaging systems were beginning to brand themselves as secure because they offered some form of encryption, but Salt knew that encryption alone does not make a communications system secure.
Salt took the approach to develop the best armor organizations have to protect trade secrets and other sensitive, strategic, and proprietary information when communicating on mobile devices. We saw the opportunity to build a system that offered all of the nice elements of the consumer apps but focused on providing organizations with maximum control and security. Salt allowed customers to have full control of the system, remain compliant, and of course, keep their private communications secure, which are things these consumer systems couldn’t offer.
Salt’s journey has been incredible since 2013, growing sales year on year and expanding into new countries every quarter. Salt first took its product to market in 2015, working with global partners to provide their secure communications platform to government, defense, legal, financial, and oil & gas clients in international regions. Salt continues to build these strategic relationships and their pipeline to ensure continued growth as the requirement for secure communications for global organizations continues to rise.
Can you tell us a little bit about your communication platform? What are its key features?
The feature list for Salt Communications is improving constantly, with Salt Communications offering many features that are exclusive to the market. Salt became the first company to provide a holistic solution for closed encrypted communications between modern smartphone users and the secured systems they access within their organization. Our product provides full centralized control for administrators, as well as federated interfaces into and from trusted internal services. End users are those who need mobility coupled with the most secure voice and video calls, messaging and image/file transfer to enable critical decisions from any location.
Salt also provides organizations with the ability to own their secure communications platform, by provisioning an on-premise deployment, or by developing a full white-labeled version of the system, or both if they wish. Salt has many other unique features such as the ability to restrict users from taking screenshots, the ability to prevent users from having the capabilities to download documents or images, and the ability for users to purge messages from their devices & all recipients' devices too – a function that can be done manually or have a timer setting.
What are the most serious issues that can arise if a company doesn't have secure communication systems in place?
Salt Communications works with clients in many different industries who need to secure their communications for a number of different reasons but who understand the importance of having full control over their sensitive communications. In certain cases, public and private leaks of important communications offer real dangers for many organizations and in some cases may affect the safety of their staff and population.
For example, Salt Communications works with global law enforcement agencies that need to secure important information that is being discussed during high-pressure situations. Mobile communications present major privacy challenges within policing. With a consistent increase in reported hacking activities, law enforcers have to ensure that they vigilantly put the necessary measures in place to protect their communications from interception and cyber attacks.
In other industries, organizations understand that a leak of confidential information could be detrimental to the reputation of the organization, which could lead to client dissatisfaction, a loss of business, and in extreme cases cause the company to go out of business.
Do you think the pandemic affected the way people approach cybersecurity?
The pandemic absolutely impacted the way in which people approach cybersecurity, in many different ways. Defending an organization of entirely remote workers and their computers had never been achieved before. We now do it on a daily basis. The role of a cybersecurity professional revolves around potential risk and the need to react quickly to new threats and events that could place our companies and their employees in danger. There must always be a great deal of preparation in place, with a straightforward method and playbook to follow or a fundamental capacity to fall back on in any scenario.
However, in March 2020, the planet was confronted with a situation, unlike anything we’d ever seen before. Companies were forced to transition from relatively well-defined enterprise infrastructures within office buildings to a diverse set of individual remote users logging in from a plethora of access points around the world. While many businesses found themselves unprepared and unprotected, from a cybersecurity standpoint, the technology was already in place; remote workers, as well as the cybersecurity initiatives to keep them safe, have existed for years. The task was to provide this defense at an unparalleled scale and pace while still adhering to best practices in cybersecurity.
Security teams had to address immediate organizational, procedural, and technological deficiencies related to the pandemic-induced response and the transition to remote working as employees started working in less secure environments and, with less secure personal equipment. Leaders have had to fill training gaps, conduct virtual all-hands meetings – all while raising employee cyber awareness.
As cybersecurity leaders gain a better understanding of remote and hybrid working, CISOs are turning their focus to predicting how new conditions will affect the business environment. They are adapting existing cybersecurity practices as well as long-term cyber risk plans to include these expectations of the new normal. Organizations must make the requisite investments to protect themselves and devise contingency plans in case of future disturbances. It’s important to note the new ways our roles and functions have changed as we reflect on the past few years.
All in all, COVID-19 has altered the cyber environment and will continue to do so in the future, posing new threats and challenges.
Despite all the technology and providers available, some companies still refuse to update their security systems. Why do you think that is the case?
At this point, it’s difficult to understand this type of approach. Over the past few years, there has been such a rise in cyberattacks and coverage of these types of attacks that negligence around protecting your organization against a cyber attack will only be detrimental in the future.
Many organizations still have the attitude that “it won’t happen to me”, which was more common a few years ago than it is now. However, this attitude does still exist with certain organizations preferring to not invest in cyber with the uncertainty over where they would begin when it comes to protecting their firm against cyber attacks. Unfortunately, research would suggest that this approach will be costly at some point, and we would always recommend that organizations carry out regular gap analysis reports to identify gaps in their cyber protection and recommendations on how they should protect themselves.
What would you consider the main threats that critical infrastructure organizations face today?
Critical Infrastructure spans across numerous industries and necessitates a large network of vendors, analysts, and other stakeholders. As a result, the main threat would be systems made up of separate pieces of technology, such as biometric scanners and cellphones, that have the potential to disseminate an assault throughout their network. This needs well-coordinated cybersecurity systems that continuously validate input in order to detect any intrusions or anomalies.
Additionally, in order to keep up with the continual threat of cyber-attacks, these systems will need to be upgraded on a regular basis. A Zero Trust security approach is the most effective method for this purpose. Its ability to lower attack surfaces while retaining good connections makes it suitable for companies of all sizes. This includes key infrastructure services such as water and energy, which have become increasingly vulnerable to disruption.
When working with critical infrastructure clients, there is often concern over the confidentiality of their communications. When deployed into our customer’s critical infrastructure, Salt’s solution enables communications of the most sensitive nature. Customers like this usually want full control via an on-premise deployment. They also demand careful integration with other trusted systems to enable information to be securely and sensitively delivered in real-time to colleagues.
The Salt system has been configured in High-Availability mode as part of the customer’s disaster recovery policy to ensure that it is always available to manage real-time incidents. As a highly secure solution that is available only to select users, Salt is a key component of many organizations’ privacy and risk reduction infrastructure.
What cybersecurity best practices do you think are crucial not only for critical organizations but also for every company nowadays?
Organizations of all sizes should protect their digital assets from cyberattacks. Salt could provide hours of advice, but we’ve detailed 10 below.
Here are Salt Communications’ top 10 cybersecurity tips:
- Always remember no user is immune to cyberattacks! You are a target for all hackers. Stick to using your own personal device, try to limit using other devices, and never share your credentials with others. Be careful with what you click.
- Keep up to date with security updates. Security patches are issued when security flaws are discovered. While it can become annoying to constantly get notification updates, consider it the lesser of two evils. You can always turn on automatic updates on your devices to make this process easier.
- Use public wireless hotspots wisely. If using public wifi make sure you use a Virtual Private Network (VPN). Using a VPN means the traffic between your device and the VPN server is encrypted. This makes it more difficult for hackers to obtain the data on your device.
- Back up your data in both physical locations and on the cloud. Use the simple 3-2-1 backup rule used by the top IT and security managers. Keep three copies of your data on two different types of media (local and external hard drive) and one copy in an off-site location (cloud storage).
- Be conscientious about removable media and what you plug into your device. Malware can infect devices through flash drives, external hard drives, or even smartphones, so make sure to scan any device for malware before plugging it in.
- Practice good password management. Use a strong password – go for 20 or more mixed characters, update your passwords periodically, and do not share these passwords with anyone or write them down.
- Use two-factor or multi-factor authentication. Doing so adds additional layers of security to the standard password method of online identification. Passwords on their own are not as infallible as users need them to be. Examples of 2FA include Personal Identification Code, another password, or even a fingerprint.
- Be aware of phishing attacks. Phishing attacks occur when an attacker poses as someone or something in order to trick the recipient into divulging credentials. In order to avoid this, don’t open emails or messages from people you do not know, and do not click any suspicious links or attachments.
- Secure your mobile devices. Lock your device with a strong PIN or password, only install apps from a trusted source, and keep your device operating systems updated. Carry out confidential calls and send important information only through a trusted secure enterprise communications platform such as Salt Communications.
- Actively monitor your network by installing a firewall and antivirus protection. Installing a firewall system means all incoming and outgoing network traffic is filtered to reduce or eliminate the occurrence of unwanted network communications while allowing legitimate communications to flow freely. Antivirus software is also crucial because it detects and deletes malicious codes, preventing malware from causing any damage to devices.
Talking about average Internet users, what precautions do you think everyone should take to keep their communications secure?
As we don’t service the consumer market, we don’t offer a method of secure communications between peers and friends. We would always recommend that users do not trust consumer messaging systems to share confidential information; nothing is ever free, and many articles have been written that question the actions of certain organizations and their use of consumer data that is being shared on these “encrypted communications” systems.
If as an organization you fear a hack by malign actors who may be motivated by political, economic, personal, or ethical reasons, then it is essential to protect the communications from attack and exploitation, and Salt Communications is the company you should contact.
Would you like to share what’s next for Salt?
Salt is working on many exciting projects that we can share very soon. Salt continues to work with globally known organizations and develop features based on the customers’ recommendations. As Salt continues to build its client base across the globe the opportunity for growth also continues, with internal expansion being a realistic target for the company over the coming years.