How secure is your personal data on WhatsApp?
With the rise of online communication and the Covid-19 pandemic forcing companies to operate remotely, messaging apps like WhatsApp have become increasingly popular for business purposes.
The convenience of being able to communicate quickly and easily from anywhere in the world is unprecedented.
However, the question of how secure these apps are when it comes to personal data cannot be overlooked. Is WhatsApp safe? Here’s what you need to know.
WhatsApp is one of the most popular communication apps, with over 2 billion active users worldwide sending over 65 billion messages a day! It has become a critical tool for people of all ages to communicate.
It’s no surprise that the platform is frequently faced with malware threats, and spam. So the question is how secure is WhatsApp when it comes to personal data?
WhatsApp uses end-to-end encryption (E2EE) to ensure that your messages and calls cannot be intercepted by a third party. This means that only the sender and receiver of the message can see or hear the content of the message or call.
WhatsApp uses Signal Protocol, which is considered to be one of the most secure encryption protocols available. WhatsApp itself cannot read the contents of your messages or calls.
However, it’s also owned by Meta (formerly Facebook) – a company which has historically monetised personal information (principally for advertising).
It’s also worth noting that businesses often allow their employees to use WhatsApp on unmanaged devices without endpoint protection – and the platform has been the victim to malicious malware attacks in the past.
Hoaxes and Fake News
Phishing and social media attacks can come from anywhere and convince users to provide their sensitive data in exchange for something they think benefits them.
Email, chat and social media scams have increased eight-fold since the war between Russian and the Ukraine began.
To prevent wide-scale scams, WhatsApp has implemented a few changes – like limiting the number of text forwards to five recipients rather than the previous limit of 250.
Storage of User Data
WhatsApp stores user data on their servers, which are located in several countries worldwide.
WhatsApp says it takes various measures to protect the security of their servers, such as encryption methods and firewalls. WhatsApp also claims that data is also stored in an encrypted format, so even if someone were to access the server, they would not be able to read the contents of the data.
If you’ve recently got a new phone, it’s likely that you’ll have taken advantage of the WhatsApp backup to ensure you don’t lose your chat history. This essential feature also allows you to recover accidentally deleted WhatsApp messages.
Critically, your data, including chat and voice calls, are only secure and encrypted within the WhatsApp chat ecosystem.
By default, this backup is not encrypted. If your backup on iCloud or Google Drive is hacked, your WhatsApp data is vulnerable. There is a solution, though. You can encrypt your backups by going to Settings > Chats > Chat Backup > End-to-end Encrypted Backup and select Turn On to secure your WhatsApp backups. You’ll need to create a password to protect your backups.
However, remember that you won’t be able to access your backups if you forget the password—WhatsApp can’t restore it for you.
Consent and Control over Personal Data
WhatsApp gives users some control over their personal data through various settings. For example, users can decide whether they want to share their information with Facebook, which owns WhatsApp.
Users can choose to enable two-step verification for added security.
WhatsApp also requires the user’s explicit consent before collecting and processing any personal data – but be honest, do you read the small print when faced with the terms and conditions and cookie collection notices on site and app that you use?
Although WhatsApp makes small incremental changes to protect its users, it will never be completely ‘safe’. Any social media platform has security risks, and every platform has hackers attempting to break through its security measures.
If you are concerned about data security in your business, consider using additional measures such as VPN encryption, audit logs, and access control lists.
To speak to an expert about security measures to protect your business, contact Holker on 0333 300 2020.
The Zero Trust Model: A Comprehensive Overview for Businesses
As businesses continue to operate in an increasingly digitised and connected world, cybersecurity is a critical aspect that cannot be overlooked.
One of the most effective ways to safeguard against cyber threats is through the Zero Trust model. This model has been adopted by many big-name companies in various industries. overview of the zero trust model and why it is important to businesses.
What is the Zero Trust Model?
The Zero Trust model is a security framework that assumes every user, device, and network resource is potentially compromised and therefore not trusted.
This means that instead of relying on traditional perimeter-based security measures, the Zero Trust model implements a “never trust, always verify” approach.
It revolves around the core principle of granting users and devices the least amount of access necessary to perform their tasks.
Why is the Zero Trust Model Important?
With cyber threats constantly evolving, perimeter-based security measures are no longer sufficient in protecting against malicious activities.
The Zero Trust model ensures that all users and devices are continuously authenticated and only allowed access to what they need, making it harder for cyber attackers to move laterally in a network if they do manage to breach the initial layer of defence. This greatly reduces the risk of data breaches and security incidents.
Benefits of the Zero Trust Model
- Enhanced security: By implementing a Zero trust model, businesses can significantly reduce their attack surface and enforce strict security policies across their networks.
- Increased visibility: The Zero Trust model enables businesses to have complete visibility of their networks, thereby making it easier to detect potential security threats.
- Improved user experience: The Zero Trust model allows businesses to grant access to resources on a need-to-know basis, preventing users from having access to unnecessary resources and applications, which positively impacts their productivity.
How to Implement the Zero Trust Model
To implement the Zero Trust model, you need to evaluate your current security measures and determine what policies, procedures, technologies, and tools you need to implement to support this framework.
Some key steps include:
- Identifying and categorising your sensitive data
- Strengthening your access management
- Deploying network segmentation
- Enforcing strict access controls
- Continuously monitoring and reviewing policies to ensure effective implementation and adherence.
The Zero Trust model is a security framework that is rapidly replacing traditional perimeter-based security measures.
This approach ensures that access is granted to only trusted users, devices, and resources, reducing the attack surface and enhancing security.
As businesses continue to face escalating cyber threats, adopting the Zero Trust model is more important than ever.
By implementing this framework, businesses can reap the benefits of enhanced security, improved visibility, and increased productivity.
To find out more, contact Holker on 0333 305 2020. Our trained experts can help advise you on the best cyber defence solutions for your business.
Prince & King: Case Studies
Security online is hugely important to any firm, but it is vital for a company within the financial services sector.
Prince & King, a financial services firm based in Earby, Lancashire, have long sought the expertise of Holker IT.
As a result of the Covid-19 pandemic, Prince & King needed to enable work remotely for its team.
All data is held on-site, this data is of a highly personal nature, including bank and pension details.
While the company had a small physical server on site, installing a Virtual Private Network (VPN) meant that its workforce could access essential systems and software from home.
The remote network allowed people to collaborate with colleagues virtually, keeping everyone as safe as possible.
Accounts Manager, Joanne Bjork, said: “When everybody started to work from home, we were able to set our main Office Manager up to work remotely. This enabled the Prince & King team member to complete her day-to-day tasks away from the physical office and work efficiently from home.”
The VPN also allowed the company’s Accountant to work from home, alongside other key colleagues in the 10-strong team.
The team have also embarked on Cyber Essentials training – teaching staff about the risk of security breaches via phishing attacks and the importance of password security via Multi Factor Authentication (MFA).
The MFA ensures that if staff log onto the network via a new device, they receive a unique PIN code to their mobile phone. This provides an extra level of security before the team accessed potentially sensitive files on a shared network to protect their clients and their data.
Joanne added: “The package Holker offered us was really good. It helped us all tighten our belts and make sure everything was secure.
“The training highlighted the need for everyone to be careful, by making us aware of various security breaches, including via social media.”
Joanne and the team enjoyed a professional, friendly and reliable service from Holker – both during the pandemic and throughout the company’s longstanding partnership. Joanne says the support desk were extremely knowledgeable, offering a reliable, advice-led approach.
“The Holker team have always been friendly and responsive to our needs. I feel that they’ve given the very best service over the years. We’ve been very happy to have grown with Holker.”
Access Point: case study
Access Point has been a customer of Holker’s for more than 15 years. But what is it that stands Holker apart from the competition?
We asked Amanda Shaw, Resource Director of the Southport-based company, who work with the UK’s leading retailers, shopping centres and retail parks, specialising in providing high footfall promotional spaces, street food & catering sites and brand experiences.
Amanda said: “We have been with Holker since the beginning. They have seen us grow, and we have seen them grow.
“We have a very open and honest relationship with them. We find everyone very approachable, and the team have helped and advised us on our infrastructure as we have grown and evolved.”
Amanda said that during the pandemic, the company had staff working on desktops, laptops, terminal servers and a mix of operating systems, which was difficult to manage when it came to security updates and licensing.
Access Point’s infrastructure consisted of physical on-site servers but is now nearly fully cloud-based.
Amanda said: “Our transition was expedited due to Covid-19 but now we’re in a better position than a lot of other businesses.
“Holker were able to get us working remotely quickly and we worked together to take our security to the next level. We are now set up with Multi Factor Authentication across the board as well as being Cyber Essentials certified.”
Now, via Intune, updates can be managed remotely, and, thanks to the use of SharePoint, the team no longer have challenges with version control, or costly and vulnerable servers on premise.
Amanda said there was one key reason the company has stayed with Holker for over 15 years.
“With Holker, we’re not just a number. Even though Holker has grown, they are always focused on helping us when we need it and have enabled us to get to the position we’re in now.
“Now, Holker advise us on futureproofing the business and addressing our future needs as a business rather than firefighting when IT breaks down.
“It’s a collaborative relationship which is far more proactive than reactive. It’s focused on improving processes rather than being issue-led.
“Their knowledge and expertise is so valuable. As a company, they invest in training and promote from within – which is great to see.
“I would definitely recommend Holker to others.”
Improving Working Together
ABP was established in 2016 and now one of the biggest gaming accessory brands in the UK and Australia.
Employing around 15 people from their Bolton office, they design and develop products in Bolton and the company is ranked second in the UK for their market share of video game headsets and charging products.
However, the pandemic made them realise that it’s their own internal IT platforms that needed addressing.
ABP first contacted Burnley-based Holker before the Covid-19 pandemic, when they enquired about upgrading their legacy system and migrating to the Microsoft 365 environment.
Paul Topping, Director of Finance at ABP, said: “When the pandemic hit and we moved to remote working, we often found the server down and staff struggling to log in.
“At peak times, when everyone was on the system, it was sluggish. It made working from home even more challenging. The people who used large excel files or lots of resource struggled to work efficiently when they were waiting for the system to load.”
When the team returned to the office, they knew that the time had come to bite the bullet and upgrade their IT and contacted Holker about their options.
Paul said: “Holker understood our business, and what we wanted to get out of it. We are a small business with other day-to-day jobs to do – but Holker scoped out the project and agreed timelines. They made it simple for us.
“Holker really helped us keep the process moving by driving the project forwards. They walked us through every step of the process – from the first stage of implementation to completion.
“Like most places, some people are more it literate and Holker’s engineers helped them all remotely and on site. We felt that other IT companies hadn’t given us as much resource or personal support.”
Agility and flexibility
The MS 365 environment allows the company to benefit from the centralised control and compliance of the Microsoft environment, as well as support from Holker and a more productive workforce through the use of SharePoint and Teams.
Paul added: “MS 365 is perfect for us. We are still learning how best to utilise the new system, but it has helped with collaboration and file sharing. It has made a big difference to the company.
“Usually, people only comment on IT when it goes wrong – but everyone has been complimentary about the new system. The changes have made it easier for the team to do their jobs.”
Paul said he would recommend Holker and is already looking at other upgrades they could potentially help with in the future.
“We have ongoing support of Holker and their engineers on hand if we need assistance or have an issue to escalate. We have the confidence that we’re in good hands.”
You may not know ABP - but your kids will know their products
PFP holds the financial details of tens of thousands of companies and individuals, which is a huge responsibility.
Security is vital.
Powering the Energy Sector
There is one fundamental reason for choosing an energy supplier: price.
All suppliers pay the same for energy, the trick is to add as little as possible for the consumer. Good IT helps keep that price low.
Paul Crorken is Head of Business Transformation and Innovation at PFP Energy. He explains why reliability and flexibility in IT services lie at the core of his business, central to the constant drive for improved efficiency.
PFP Energy supplies 8,000 small to medium enterprises. Add to that 55,000 residential customers and you’ll appreciate there’s a lot resting on the performance of the company’s 102 employees.
Paul explains: “We buy our energy off the wholesale market and we sell that on to the customer. Efficiency is vital in everything we do. And IT is central to that. We need to know it can push the innovations we come up with.”
PFP’s IT services and their help desk are run by Holker. Paul speaks glowingly of a business relationship that really came about by chance: “About four years ago we were a company called Places For People and we got bought out. We had to move all our IT infrastructure into a new building because we were effectively a new company.
“We were with a company called Talk Internet at the time – now they’ve been bought out by Wavenet. We didn’t have an IT department then and we decided to give it to somebody else. Talk Internet suggested Holker and that’s how we found them. We had a couple of other companies tender and Holker won.”
“When Talk Internet got bought out, our good relationship went out the window and we took some of the services from them to Holker, because Holker were a lot better. We actually clawed back money because they identified services we were paying for that we didn’t actually need.”
PFP holds the financial details of tens of thousands of companies and individuals, which is a huge responsibility. “Security is vital. We have actually had a cyber attack and everything got sorted out so there were no problems at all.
“It looked like they were trying to get to our billing provider through us, thinking that they could get at Government information. We found out it was a Russian attack, but nothing ever came of it. All the data was secure so that was fine. Security is great. No issues whatsoever.”
PFP, with Holker’s help, has always been a company that looks to the future, but as with many other businesses, lockdown has forced them to innovate further.
“In the last six months with Holker, in a massive push, we’ve gone into remote desktop working, for obvious reasons. That was coming into play anyway, but it just so happened that two weeks before starting the tests the Covid kicked in and all of a sudden everyone had to work home starting the next day. They took PCs home with them then we figured out how to do it.
“We decided that while RDS [Remote Desktop Services] is a good solution, is doesn’t work from a voice platform facility, so if we want to use Microsoft Teams, Zoom… It doesn’t have the functionality to do it. It will work sometimes and it doesn’t another time. We need it to work all the time so we’ve just signed a contract for VM Horizon for the next three years.”
“That gets built on top of RDS that allows you to get the voice connectivity. All the desktops that are in the building are three to four years old, but this gives them another three to four-year lifespan because it’s all in the cloud now. That’s looking to go live in the next month now.”
“It got to the point where we couldn’t have calls with our provider, Ofgem, because Teams wasn’t working, so VM Horizon is something we need to move to. That wasn’t something Holker had missed – it wasn’t a requirement six months ago because the way of the world was different.”
Holker are more than just a helpdesk to PFP, Paul sees them more as part of the team: “We have got our telephony contracts running out. Holker are going to go out and get two or three tenders for us, because they understand much better how our office works than ourselves. We give them the requirements and they go away and give us some options.
“They will pick up things for us as and when – there’s nothing in the contract to say they will do this but, it makes sense for both sides. For us it’s better to have everything with them because it’s a one-stop shop.”
“When we had problems before, our old provider would take three to four days to fix them. When I ring Holker with a problem it’s literally fixed within one or two hours, depending on what it is. The way they work keeps projects moving for us.”
Paul is constantly impressed by Holker’s proactive attitude: “Just yesterday we had a meeting with Holker on the VM Horizon platform. We mentioned the telephony system and they said ‘Right, we need to know about that, because what you have works now but we need to know what other things will come in in the next two years and whether VM Horizon will work with that platform. They are very forward thinking and do think of things like that.”
The relationship between Holker and PFP works so well, Paul wouldn’t dream of going with someone else. They renewed their contract this year and as Paul says: “We didn’t even go for a tender with anyone else.”