Agencies Should Rethink Their Communications in an Era of Leaks

Looking back over the past few years, there are many examples of how a seemingly small leak can quickly blow up into a big crisis. Sensitive private messages from Democratic National Committee, Hillary Clinton and Sen. Mark Warner never intended for the public have increasingly made their way into mainstream discourse.

As such, it’s safe to say that we have entered into an era in which many in the media, political opponents and foreign governments are often eager to capitalize on leaked information should they feel that it can be used to their advantage—regardless of the ethics or morals of doing so.

This new normal has prompted many in both public sector communications and security roles to re-evaluate the confidentiality and integrity of their communications mediums, and when necessary, proactively implement both guidelines and technology that puts their organizations in control of their messages to minimize the risk of leaks.

Government Must Rethink Vulnerable Communication Channels

In response to our burgeoning culture of communications leaks, both government organizations and political campaigns must rethink how they communicate, as channels once thought to be secure are not. In fact, both internal and external threats are continually finding new ways to penetrate and take advantage of even the most secure channels, and the ease with which information can be shared is in many ways causing irreversible harm.

• Email: Email remains the primary communication tool, however, vulnerabilities are ever-present. In fact, phishing, spoofing and malware attacks are on the rise, and 90 percent of all cyberattacks begin with email phishing. The proliferation of public Wi-Fi has also prompted attacks such as KRACK, which makes it easy for attackers to eavesdrop on data from any device connected to a network. In addition, Sebastian Schinzel, professor of computer security at Germany’s Münster University of Applied Sciences, told the German news outlet Süddeutsche Zeitung that researchers have discovered a critical vulnerability called eFail that exposes PGP or S/MIME encrypted emails in plain text, putting at risk the integrity of every email message in transit. The days of email use for confidential information should be considered over.

• SMS Text: Text has been gaining adoption as a popular communications channel because it is simple, direct and has high open and response rates. The problem with text messaging is that it does not offer sufficient filtering solutions nor capabilities to root out fraudulent messages, and phone number spoofing can make a malicious message appear as trusted—just as with email. Many security experts have advised against using text for two-factor authentication because it can easily be hijacked over the SS7 network, and messages can be leaked to those with all sorts of motivations. Fast and efficient communication, however extremely risky for sensitive knowledge sharing.

• Consumer Grade Messaging Apps: While messaging apps such as Signal and WhatsApp claim end-to-end encryption, they provide no protection against someone screenshotting, sharing or forwarding a message to an unintended recipient. So, while the message is encrypted during transmission, once it is received it can be leaked with relative ease. Former Senate aide James Wolfe got himself charged with a federal crime for lying to the FBI, thinking that the secure messaging apps he used to communicate were failsafe.  

A New Communication Channel for the Era of Mass Leaks

In response to the insecurity of communications mediums and today’s ever-present culture of leaks, the public sector must reduce the vulnerabilities of their information sharing channels. The first step for agencies is to establish a communications plan with technology that limits the risk of leaks altogether. An enterprise-grade communications platform that goes well beyond encryption, preventing information from being forwarded, screenshotted, shared or accessed through a breach, does just that.

Such messaging platforms could be used on smartphones, desktops and tablets to ensure organizations can securely collaborate and communicate in a time of crisis. Ephemeral messages never remain on servers or devices and messages are automatically vaporized after a predetermined interval of time-based on an organization’s policies, and advanced controls also reduce the risk of propagation.

What government personnel needs now more than anything is an enterprise-grade secure messaging platform that offers compliance to meet Freedom of Information Act and other necessary record-keeping mandates while also keeping official communications secure and free from leaks and surveillance.

The consequence for not doing so? Losing control of the narrative at a time when there are significant repercussions of doing so.

Kristi Perdue Hinkle is the chief marketing officer of Vaporstream.