The Plain English Guide to: End-to-End Encryption

Introduction

From the introduction of GDPR in 2018 to the upcoming changes to browser cookies in 2022, digital privacy is a big focus in the modern day.

That’s really no surprise if you consider that UK adults now spend 4 hours per day browsing the web on average.

Combine these stats with a broadly remote workforce across the UK, and you’ll see that privacy should be everyone’s concern – businesses and individuals alike.

With that in mind, we wanted to use this Plain English guide to take a close look at end-to-end encryption.

As a tool to protect conversations and data inside your business and out, end-to-end encryption – also known as E2EE – might be your best tool to keep your company’s comms safe.

Let’s dive in.

What is end-to-end encryption?

Imagine, if you will, a text message conversation between two people.

One person sends a message, the other receives it – simple, right?

But there’s an intermediary there, too, and it’s the transmission of the message from one device, to a potentially global network, and finally landing with the recipient. The problem with traditional unencrypted messages is that, at any point in this journey, a ne’er-do-well could intercept the messages and read them with no effort at all.

That’s probably okay if you’re talking about the weather, but what about confidential business or client info? Plus, just the principle of privacy is so important today.

It’s here that end-to-end encryption comes into play.

End-to-end encryption is a technology which takes a message from the sender, encrypts it for transmission, then delivers it to the recipient where it’s encrypted securely. E2EE works using a cryptographic key which only the participant’s devices have access to.

In short, this means that, even if a message were to be intercepted while it was still “in the air”, it’d be impossible to read by a potential cyberattacker. Only the sender and receiver have access to the cryptographic keys required to make sense of the messages, making end-to-end encryption a very attractive proposition for anyone who values privacy and data security.

3 essential things to know about end-to-end encryption

E2EE sounds pretty great, right?

It could seem like a fool proof way to keep your data 100% safe and secure while you’re talking about, or even sharing, sensitive customer data with your employees or colleagues.

The reality, of course, is that no system is perfect.

Even end-to-end encryption has its share of limitations – and here are three that you need to know:

1. There is still a risk of “Man in the Middle” attacks. These attacks, known by the initialism “MitM”, operate similarly to the malware we’ve looked at before on the Get Support blog. A Man in the Middle attacker will try to impersonate the recipient you’re attempting to contact, therefore establishing a perfectly valid, cryptographically encrypted conversation right at the origin point of the message… it’s just not with the person you think it is!
2. E2EE doesn’t erase all traces of the communication. Yes, messages encrypted using end-to-end encryption are practically impenetrable to third parties – but the traces of these messages are not. Depending on how many intermediaries your message passes through, there will be various traces of a message having been sent – just not details about what it said.
3. The devices themselves are still vulnerable to breaches. While E2EE prevents your communication from being intercepted in mid-air – or, at least, stops it from being deciphered if it is – the messages are still readable on each of the two devices. That means the sender and recipient’s messages can still be compromised should an attacker gain access on either end – just not in-between. Likewise, if you regularly backup your devices, (as you should), these may also be vulnerable to breaches if not properly secured.

To give your business complete protection in addition to end-to-end encryption, it’s worth considering a comprehensive solution such as Endpoint Detection and Response – the most advanced threat protection in the world. If you ask us, anyway.

Which messaging apps use end-to-end encryption?

If privacy is a big requirement of the work your business does, you probably want to make sure you’re using secure messaging platforms which have E2EE enabled out of the box.

If nothing else, you can let your customers know that their communications with you will be safe, secure, and protected as you do business.

Here are just a few of the messaging apps and services you can use today which leverage end-to-end encryption technology:

WhatsApp is something of a poster-child for end-to-end encryption, having pushed it as a primary benefit for its service since its inception in 2009. WhatsApp also offers a service dedicated to business customers, known appropriately as WhatsApp Business. Any messages sent to a business using this platform will use the dedicated “Signal” encryption protocol E2EE protection by default… more on this in a moment. Unlike some other platforms, WhatsApp is very clear about the fact that even they cannot intercept your (or your customers’) messages.

Signal might sound familiar, because it’s not just a private messaging app, but also an entire end-to-end encryption protocol which powers other apps — including WhatsApp. Signal is widely regarded as the gold standard for private communication, so much so that it even boasts whistleblower Edward Snowden as one of its “celebrity” ambassadors. Its software is free and open source, meaning anyone can leverage its privacy capabilities to enable world-class E2EE for messaging. As of 2021, the Signal private messaging app has over 40 million active monthly users – and it’s growing all the time.

Telegram is one of the newer entrants to the world of social media communication platforms. Launched in 2013, Telegram is a cross-platform instant messaging and video calling app with a focus on privacy. Private chat messaging is end-to-end encrypted on Telegram by default, but it doesn’t end there – the platform also offers E2EE on video and audio calls. The encryption used in Telegram works between the app itself and the server, meaning that any information shared via the platform is indecipherable to any third party – and that includes the user’s ISP. For this reason, many privacy-conscious users and businesses use Telegram for their day-to-day communications. In fact, if you wanted proof that the world is becoming more concerned with privacy, consider that Telegram was the number one downloaded app in the world during January 2021.

Concerned about cybersecurity? Get Support is here to help

At the end of the day, end-to-end encryption really comes down to one thing: cybersecurity. While this is a big issue for individual users, it can be an even bigger deal for businesses – especially when you’re responsible for keeping your customer’s data safe at all times.

With digital threats more abundant than ever before, and more of us than ever relying on digital platforms for communication, technology like E2EE can help your business keep its precious customer data secure no matter what.

To learn more about improving your cybersecurity, call the Get Support team today on 01865 59 4000 and ask about our IT support packages. Alternatively, just enter a few details below and we’ll call you.