WhatsApp Setting the Encryption Bar?

by Administrator on April 6, 2016

In a technical white paper published by WhatsApp on April 4, 2016, the WhatsApp team documents an encryption upgrade which happened automatically for over a billion users. This default architecture makes WhatsApp “the most widely used cryptographic tool on the planet” according to CNNMoney.

Interestingly enough, the push by the WhatsApp team to add end-to-end encryption pre-dates the iPhone security conversations with the U.S. FBI taking place over the last several months. According to an article in Wired, the encryption effort began in earnest in 2014. To me, the interesting aspect of this development is the near instantaneous “flip-the-switch” capability which brings end-to-end encryption to over one billion users. I assume no permission is sought, no governments or official agencies consulted, no general change management practices employed. Since the architecture changes without the need for user impact, and the application’s capabilities are “enhanced”, the change takes place and voilà, messages and communications move globally unhindered and now end-to-end encrypted.
Again, an interesting development where technology, corporate information management and personal communications intersect. Sometimes, change does just happen and the best plans must be flexible, dynamic and adaptable – and shared consumer solutions such as WhatsApp must be understood in the broader context of personal information sharing and collaboration and not internal corporate strategies.


Pardon the Interruption!

by Administrator on March 16, 2016

According to a Gartner report, by 2020, the impact of interruptions on human effectiveness will cause 40% of enterprises to restrict notifications on wearables and smartphones.

The concept of an interruption is an interesting one. The roots of the word are from old French, derived from “a break of continuity”. If you assume that a break in continuity, let’s say in a thought process or in the act of providing a service to a customer, is not desirable, then the onslaught of technology is indeed making it more and more challenging to maintain continuity. With technology spreading from desktop PCs to personal smart phones down to our wrist with smart watches, an increasing level of interruptions is inevitable. Overlay this scenario with the intermingling of personal and professional devices where companies have rolled out Bring Your Own Device (BYOD) strategies, and the policy questions and decisions rise in complexity. What will be allowed to interrupt your work day and when? What will rate the highest, or even pass through a filter process: a business alert, a personal alert, or an alert from the networked coffee machine that the office just ran out of Colombian Blend? Getting out in front of this is imperative, especially in the policy environment. Educating and managing the change over time will be significantly easier than abruptly curtailing someone’s perceived rights when it comes to self-selecting which interruptions to be exposed to throughout the day. Thoughtful policies will be key, and then implementation over time will be necessary.


Yes, It’s True, Your Data can be Held Hostage

by Administrator on February 18, 2016

Articles today state: “A Los Angeles hospital just paid a ransom equivalent to around $17,000 in bitcoins to get its computer systems back up and running.” Ransomware has been a threat for some time and continues to have variations which threaten the accessibility and integrity of your data and systems. Unlike other virus or malware attacks which may render your systems, PC or data unusable and leave them that way, ransomware gives the victim the ability to recover from the attack by paying some form of ransom. Most of the threats today depend on forms of “social engineering attacks”. These are attacks which depend on a user to take some form of action on their PC in order to trigger the attack. The social engineering aspect of the attack is why an educated and aware group of employees is critical. A vast majority of computer threats are in fact either detected and stopped before entering a corporate environment or neutralized once on a PC using anti-virus software. The problem is that, in order to avoid “false positives” (stopping legitimate emails, for instance), some form of creative email or attachment will always leak through to the user. The social engineering aspect of the attack will then convince the user to take some action, whether to click on a specific website or enable macros within MS Word or MS Excel. It is these last steps which are the weakest links and need constant education and exposure in order to keep your data from being held hostage.


This is advice I give everyone, and one that happens to have merit more often than you may think. There is a high number of software and application changes which occur on a regular basis. Given the desire of all companies to offer the latest features more often, coupled with continued scrutiny on cyber security and the need to patch gaps and flaws in software almost daily, something on your PC or Mac may need to be updated every day. If you expand this to the iOS (iPhone and iPad) and Android worlds, something changing daily may actually be the norm (at least until some breakthroughs occur in the field of cyber security).

OK, so given this reality, and given a second reality, that most of us would be crippled if our PC or Mac or other device stopped functioning just before or during a critical business trip, the logic is sound: think twice before applying a change to something that is critical to you just before you might need to use it. Wait until a less crucial time, or ensure testing of a change on another device. I was faced with this decision yesterday: I was on the road, and as I was starting up my VPN client (another critical road tool to ensure privacy and security), a message popped up indicating the availability of a new version. At home or at the office, I may have just upgraded; but actually travelling and having limited ability to troubleshoot if something went wrong, I filed away a note to upgrade later and ensured that my current capabilities were uninterrupted. This is sound advice for all but the most critical of security patches, and if you practice good and regular update discipline, should keep you functioning at the most critical times.