SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Video: 10 Minute IT Jams — an introduction to SmartEncrypt by rhipe

Tue, 9th Nov 2021
FYI, this story is more than a year old

File encryption could be the difference between business survival and disaster.

That's the message from Regan McKay, Head of Smart Encrypt, who says too few companies take file encryption seriously enough. In an interview for Two Minute IT Jams, McKay laid out what file encryption means for modern organisations and why it's becoming non-negotiable for businesses of all sizes.

File encryption, McKay explained, is the process of safeguarding digital information by making files unreadable to anyone who does not have the right key. "It's a case of actually encrypting files - essentially scrambling files to an unreadable format," he said. "We use the process of encryption - it sounds really complex, but essentially it's almost like putting a lock on a file and the only way you can access that file is to actually have the key to either lock it or unlock it."

According to McKay, businesses need encryption to protect sensitive data from unauthorised access, particularly in environments where confidential data or valuable intellectual property is at stake. "It is a significant technology that is around preventing unauthorised access to the data inside of files," he said.

But despite its obvious utility, McKay said encryption has been underused, especially outside large enterprise environments. He traced the genesis of Smart Encrypt to his own experiences. Years ago, while developing software containing high-value intellectual property, McKay found himself concerned about data loss if a key developer left the company. "I was always worried that a developer would leave my organisation and essentially take a copy of my IP with them," he said.

Looking for file encryption solutions led to disappointment. McKay said the products then available to small and medium businesses were "absolute garbage". He explained, "File encryption, although it's an amazing technology and it's incredibly effective, really is a difficult technology to use with the products that were in the market. I was really disappointed with the quality and the ease of use for encryption, particularly in the small and medium business space."

The frustration came not just from poor usability for end users but also from the burden on IT administrators. "From a software designer point of view, I looked at the software and I was horrified from the end user experience and the administrator's experience," McKay said. "You don't want to be encrypting files and having to put a password in every time that you open them. You don't want to have to move your files into a virtual file system."

These challenges led him to develop Smart Encrypt- a tool designed not only for security but usability. "The opportunity came about to actually develop a technology that was going to make this usable," he said. "Where it's really important is for businesses to actually have that control and ownership of their data."

McKay's ideal users are organisations dealing with high-value intellectual property or sensitive information. "Your legal firms, your medical firms, your accountants, anyone in the financial services, anyone with a financial services license - just organisations where it's going to be really detrimental to their business if that data was to leave their custody," he explained.

Although large enterprises have long invested in file encryption, McKay believes the smaller end of town is just as vulnerable - perhaps even more so in the wake of evolving ransomware threats. "Ransomware has changed its behaviour from being a technology that was all about encrypting information to being a threat about not only just going through and encrypting information - ransomware gangs have changed their behaviour to focus on data exfiltration," he said.

He painted a stark picture of how ransomware tactics now play out: "Businesses have been able to mitigate by restoring information from backup, so the ransomware gangs have simply evolved. Now, by stealing the data, the ransomware gang has a lot more information about who the victim is."

That knowledge, said McKay, is used to demand higher ransoms - often tailored to the size and perceived worth of the business. "They will say, well, it's probably worth a few million dollars, so we might ask for a $500,000 ransom - and you might be able to negotiate that down to two or three hundred thousand," he said. Failure to pay can mean data being deliberately leaked, not just to the public but specifically to customers, competitors, industry regulators, and journalists. "It's really about maximum damage to your reputation and your trust with your customers," McKay said.

He warned that for many small and medium businesses, the impact of such an incident can be catastrophic. "This is business-destroying stuff," he said. "This event is either going to destroy the business or put a serious impact on the quality of life of the company owners and the ability for that business to grow."

Smart Encrypt, McKay maintained, was created to make world-class encryption accessible, scalable and - crucially - invisible to users. "I really focused on the ease of use, from both the IT perspective and from the end user perspective," he said. "The end user doesn't want to have to be aware they're working with encryption - it has to be transparent or invisible to them."

The product, he said, works for micro businesses and can scale seamlessly to support large organisations. "It's being built in a way that as your business grows, Smart Encrypt will grow with it, no problem at all," McKay said.

For those interested in adopting such security measures, McKay said Smart Encrypt is available through IT providers but the team is willing to work directly with any business. Speaking directly to organisations unsure about file encryption, McKay had a final message: "Cyber security changes so rapidly, and you've got to be aware of the dangers you face by creating and storing this information. You need to be able to actually control that information and be able to prevent access wherever the data might travel."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X