The bar for cybersecurity is abysmally low. Here’s how Zebu’s raising it.
Jackie Gill - January 16, 2020
It starts with one bad email. That’s what caused a crisis at a New York law firm in February 2017, when employee payroll information, private addresses and Social Security numbers landed in the wrong hands thanks to a phishing email that looked like a legitimate request from management.
Or it could be a computer or device that wasn’t disposed of correctly. A document that fell out of an employee’s bag. An employee who accesses a database they shouldn’t. A concerted effort to breach a system.
No matter how many different forms they take, there’s one constant with data breaches: the numbers are going up. In the first quarter of 2019, 1,903 breaches exposed an estimated 1.9 billion records. For context, that’s a hike of over 56 per cent in the number of reported breaches compared to the same period a year prior.
The vast majority of those breaches happened to businesses. And while high-profile cases like Equifax’s make for grabby headlines, smaller companies are a juicy target since they typically don’t have the same resources to prevent breaches, or deal with them once they happen.
Jessé David Thé is CEO and founder of Zebu, a secure collaboration platform that locks down your messaging, file storage and scheduling. Here’s how he puts it: “A single breach can completely destroy an entire business. That’s one of the reasons why we’re very passionate about security, because we want to help businesses. And one of the ways to help them is to make sure that they are protected and don’t go out of business.”
So where do breaches come from, and how can we better protect company data – and our companies? It starts with knowing where you’re most vulnerable, says Thé.
Where does your data live (and how’s it used)?
Think about all the systems and platforms you use every day. Your file management. Your email. Your chat. Your calendar. Your knowledge base. Your payroll. Now ask yourself: have you – or anyone else in your company – read through all the terms and conditions about how those services manage your information?
“One of the problems online is that people don’t really know what is actually private and what is actually out in the open in a way,” says Thé. A lot of that stuff is not really as private as you might be led to believe.
“Unfortunately, what we found was that not only do these companies not sufficiently protect, in many cases, the user data that’s being stored with them, but they even analyze, scan, read and sell all that information,” he says. “So you can be talking to your HR about something very sensitive, and that could be scanned and sold to create a profile on you.”
That’s why it’s important to know how much access your service provider has to your stuff, and what they want to do with it once they have it. In an ideal scenario, they wouldn’t have access at all, Thé says. And it’s one of the benefits of encrypting each message, file and calendar entry independently.
“That’s one of the things that we like to say is that you can trust us at Zebu because you don’t have to trust us,” he says. “There’s no implicit trust you need to have in us because we make sure that we can’t access your information.”
How do they store and protect your data?
It seems like a no-brainer to trust a big company with your data. After all, they have resources and a reputation. If it’s that successful, it must be trustworthy.
Here’s the problem, though: “What people sometimes forget is that a company is made up of a lot of people,” says Thé. Instead, they think it’s just a company. “Well, that company has 5,000 employees. Do you trust every single one of those 5,000 employees who have access to your information?”
Remember Edward Snowden? Not only did he uncover the extent of the U.S. government’s surveillance capabilities, but he, too, was one of those one-in-five-thousand employees who accessed and copied classified information.
“Trusting a company with your information, just because they have a name, is actually a dangerous thing,” Thé says.
As a service provider itself, Zebu had to figure out how to protect against breaches not only from outside but from within as well – especially when it’s sensitive information like payment details, sexual harassment claims, medical records and lawyer-client communications. “We had two concerns with information being on our system. Can we access it, and how at risk is this of being leaked if we ever get breached?”
With military-grade encryption, they got their answers: without the ability to access any of their clients’ information, that risk gets eliminated.
How do they protect their own data?
It’s not just the data you own that’s at risk. The data those companies have about you matters, too. The payment information you shared when you signed up for their service. Your activity when you use their services. All of that is up for grabs should a bad actor find a way in.
Even your personal information, like healthcare records or legal notes, could be exposed, Thé adds. “If I have a psychiatrist or therapist, where are they storing all this very private information about me?” he asks.
“They could be using a system that’s not actually securing any of the notes that they took during your session. And now that could be exposed, which could be very harmful for you in your personal life.”
And that personal data can impact your business, too. That upcoming acquisition could be compromised by a competitor if that kind of information fell into the wrong hands, for example.
That means thinking about all of your data – not just the information you generate, but what other people know about you and your business – as a whole, says Thé. “It’s not just the things that you use, but it’s also the things that other people use when they’re working with you.”
So who can we trust?
In fact, Thé himself didn’t know the answer to this question before he started Zebu. He was sure that the billion-dollar tech giants had cybersecurity all figured out. But they didn’t. The deeper he dug, the worse he felt about what he learned.
Between lax security practices, a lack of internal controls and ownership terms that allowed services to sell personal data, “We were very disgusted by that kind of treatment. And we realized that a lot of these platforms we had been using ourselves, not realizing that we were being used in that way,” he says.
That’s why Zebu is different. “It wasn’t enough just to encrypt the data and ensure that it’s protected against external threats. No, we had to encrypt it in a way that, not only can other people not access it, but even those who work at Zebu cannot access or read that information,” he says.
“We decided that we weren’t just going to do the bare minimum. We were going to go beyond.”