Blog

There are many reasons that cyber security plans fall short in the workplace. When dealing with bad actors, nearly everything can be a pitfall in some respect or another. That means that every advantage you can create in your favor is crucial in the fight against security breaches—one of the most unassuming proponents of poor cyber security practices is user experience design. The world of design often operates in the background. When it’s good, we don’t notice. When it’s bad, we notice it right away. How does poor user experience design impact cyber security practices in the workplace? What can we do to change that to create a more secure internet for all?

What is User Experience?

Broadly, user experience (UX) design is the field of design that focuses specifically on understanding how a user will interact with a product with the final goal of improving the fundamental experience of integrating it into their daily lives. It prioritizes the user’s moment-to-moment experience over the presumptions of the product designers. Good user experience is practically invisible, and it takes teams of highly proficient people to create a system that feels natural and easy to use^[1].

UX designers focus on three basic questions when designing product interfaces:

• How does the user interact with this product?
• How can we empathically solve the problems our product presents?
• What underlying assumptions or objectives do we need to understand in order to meet our user’s needs?

We care about solid user experience design because it’s the only way you can ensure a product is used to its maximum potential. It is well understood that people will often take the easiest path to their goals. Daniel Kahneman and his book, Thinking Fast and Slow^[2] explores the ways in which our brains optimize our cognitive loads by constantly taking shortcuts throughout the day. This, unfortunately, leads to corner cutting in many circumstances, many of these corners we don’t realize we’re cutting. UX designers understand the corner cutting we are primed to engage in and design product interfaces that reduce the maximum amount of friction wherever possible.

We can use something less abstract than cyber security tools to think about how UX touches our lives and reduces feature friction. The locks on our homes are simple to use. A key and lock mechanism is the only thing standing in between us and home security. We can easily imagine a world where this is not the case. If we move the keyhole down to the very bottom of the door or create a locking mechanism that requires multiple steps to engage, the sheer frustration of entering and exiting our homes would lead us to disregard the utility of our deadbolt.

This principle is one of the myriad reasons cyber security tools are left by the wayside in the workplace. Employees and business owners understand how important it is to secure shared drives. They keep our passwords private and lock their desktops when they leave for lunch. The security breakdown tends to arise when obstacles stand in between employees and the work they need to do^[5]. 

Costly social engineering breaches that poke holes in the security plans of corporate giants like Verizon or MGM happen simply because their security plans had so many steps that sidestepping them entirely was the quickest way to get the job done^[3]. High-stress work environments and shrinking workforces contribute to costly corner cutting. Still, poorly designed cyber security solutions are among the most significant contributors to this rash of security breaches.

Complicated verification processes must take place behind the scenes, and we should strive to make security as straightforward as possible on the front end. Without the right user experience, the tools we use to protect ourselves simply fizzle out before they have the opportunity to protect our workplaces.

AXEL Go and User Experience

We understand how important user experience is in the cyber security battle. That’s why our file sharing service and all of our features are easy to access, clearly labeled, and simple to implement. The clean design of our application and the streamlined storage and sharing process is a nice secondary benefit to focusing on user experience. Still, primarily it is done to ensure our users and their businesses may enjoy the robust end-to-end encryption we provide^[6].

Features like our secure fetch that may be unfamiliar to workplaces that have never had the opportunity to use such a tool have been streamlined for ease of use. Our secure fetch is a method for retrieving a file in full (including unaltered metadata) from a client by generating a secure, password-protected link. Once this has been shared, no tech savvy needs to be employed to enjoy the fully encrypted document retrieval. We do the heavy lifting and keep it behind the scenes to reduce the cognitive load for each party involved.

Our goal when providing you with a private, secure, and personalized storage solution is to protect you and your business online. By understanding how user experience design affects this, we have removed the barriers between the user and innovative security solutions. We took the time to build robust, decentralized server structures with the express desire to protect our users against some of the most sophisticated cyber-attacks. Still, all of the work put into our blockchain-backed security would go to waste if our application was confusing or difficult to use.

Protect Your Business With AXEL Go

AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.

---

Citations

^[1] The Interaction Design Foundation. 2022. What is User Experience (UX) Design?. [online] Available at: <https://www.interaction-design.org/literature/topics/ux-design> [Accessed 21 July 2022].

^[2] Kahneman, D. and Egan, P., 2011. Thinking, fast and slow. 

^[3] Xda-developers.com. 2022. [online] Available at: <https://www.xda-developers.com/verizon-data-breach-employees-data/> [Accessed 21 July 2022].

^[4] Allage, A., 2022. Council Post: Why Employees Violate Cybersecurity Policies. [online] Forbes. Available at: <https://www.forbes.com/sites/forbesbusinesscouncil/2022/07/11/why-employees-violate-cybersecurity-policies/?sh=2b4517871d98> [Accessed 21 July 2022]. 

^[5] Securitymagazine.com. 2022. | Security Magazine. [online] Available at: <https://www.securitymagazine.com/articles/94909-the-evolving-role-of-user-experience-in-security> [Accessed 21 July 2022].

On the internet, we have a duty to keep our data safe, secure, and private. Encryption is our strongest tool in that fight, but what exactly is encryption? What does it do to keep our data secure? How does that look different for the military and the civilian? 

What is Encryption?

Encryption finds its roots in the field of cryptography. The process of writing and solving coded messages became the foundation upon which modern encryption was built. In ancient history, the Roman used simple substitution ciphers by simply shifting their messages down a few letters, these days, you can find a substitution cipher in a children’s puzzle book, but for the time, this was considered one of the premier methods of protecting your data in transmission. As history progressed, we developed more sophisticated versions of effectively the same thing. 

Most famously, we used machines to develop and decode encrypted messages in World War II. Machines with turning drums would take an input, shift the output internally, and create complicated, coded messages that were simple to decode once given the proper information. The Germans used a more complex machine with more drums to create messages that were more difficult to decipher, and the Allies fought back by working tirelessly to crack their codes. We can think of Alan Turing and his code-cracking machine as the beginning of modern-day encryption. In fact, there are many similarities between early analog encryption and the complicated processes that our phones use today.

In the modern day, we encrypt data in a similar, more sophisticated manner. Because information on computers must be transmitted in a precise manner, any slight shift to the data being transmitted will transform it into expensive gibberish that neither machine nor man can translate. Data encryption takes advantage of this by creating keys on either end of a line of communication to which only the authorized devices have access. The encrypted information is then scrambled in a unique fashion and only reconstructed when the proper key is slotted into the data. An encryption key is generally as simple as a string of common characters, but the mechanical beauty lies in the sheer number of possible combinations. Well done encryption will be entirely unparsable by any person or machine without the proper key, and faking one, even with the most powerful devices we have on the market right now, would take a shockingly impractical amount of time.

Our Encryption 

AXEL Go uses what is called AES 256-bit encryption. This military-grade encryption method was first developed in 2002 to bolster the cybersecurity of the most well-funded military on the planet. This means that this encryption standard was developed with some of the best resources money could buy and scrutinized by some of the most privacy-minded people. 

Before AES-256 bit encryption hit the scene, federal agencies were the Data Encryption Standard (DES). DES as an encryption standard was a 56-bit monster for quite some time, but eventually, computing power became so cheap and accessible that DES could no longer keep up. A single person with a suitable machine could crack a document encrypted with DES 56-bit in less than a day by the 1990s with brute force alone.

AES 256-bit encryption stands on the shoulders of encryption methods that stood before it. AES 256-bit is a symmetric key cipher. This means that the same key is generated on either end of the transfer. The data encrypted by the AES algorithm is broken up into several “blocks,” and each of those blocks is replaced with encrypted data decided upon by the encryption key. Once the data is rendered unrecognizable, it can only be reverted into a readable format by the proper key. The encryption process is performed in several different “rounds,” and the number of rounds of data replacement that have taken place before the data is considered sufficiently encrypted. AES 256-bit encryption is the most thorough iteration of AES encryption, and it has the backing of the NSA and protects many of the organization’s top secrets. It’s robust enough for the military, and bringing that technology to civilians in an easy-to-use format is the least we can do for the digital security of all.

How Does Encryption Protect You?

In the simplest terms, encryption protects us in the digital world by creating barriers to entry for everyone but yourself. When data is encrypted, you become the only person with the key to an incredibly complicated lock. Once the tools are in place, end-to-end encryption does the hard work of scrambling and reconstructing your data without any additional input on your part. 

An unfortunate aspect of modern-day privacy legislation is the tendency to pull back your protections in times of strife. A typical legislative response to international disasters, times of war, or changes in federal protection is to lean on the human tendency to seek protection. That reflex often materializes in the law as privacy overreach. Our doorbells, cell phones, and air conditioning control modules can keep track of our positions and habits, and that information can be turned over to third parties without us having a say in the matter.

When we talk about using encryption as a tool to protect yourself or your business in the modern world, the primary reason for this is to keep your data out of the hands of bad actors. Ransomware attacks have brought massive industries to a screeching halt. For instance, the Colonial Pipeline ransomware attack is the perfect example of how we can lose out on millions of dollars in business, inconvenience hundreds of thousands of people, and shake our trust in our infrastructure. Hackers and other bad actors will always be the primary threat that encryption aims to fend off, but it is essential to understand that end-to-end encryption is a tool with many functions.

We encrypt data, not just because it keeps bad actors out, but because people have a fundamental right to privacy that is easily eroded if left unprotected. By going out of the way to create robust, secure protections of our privacy before the right to do so is challenged, we create a space online that is secure and belongs to you alone.

Embrace Your Right to Privacy

.AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-256 bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.

---

Sources

“Advanced Encryption Standard: Understanding AES 256 | N-Able”. 2022. N-Able. https://www.n-able.com/blog/aes-256-encryption-algorithm.

Lily Hay Newman, wired.com. 2022. “End-To-End Encryption’S Central Role In Modern Self-Defense.” Ars Technica. https://arstechnica.com/information-technology/2022/07/end-to-end-encryptions-central-role-in-modern-self-defense/.

“Law Enforcement Access To Smart Devices.” 2022. Brennan Center For Justice. https://www.brennancenter.org/our-work/research-reports/law-enforcement-access-smart-devices.

In society, hospitals can be seen as one of the most sacred places. In a hospital, we come together to care for the sick and hurt in our communities. Hospitals require a massive amount of trust. Not just the trust between a doctor and their patients, but the trust in the tools and methodology of the hospital in question. During the treatment process, a massive amount of incredibly personal and sensitive data is pulled from patients. Everything from hyper-specific ailments to credit card and insurance information ends up on a hospital server somewhere after taking a step through their doors. This means that our healthcare system is responsible for our well-being in more ways than one, and it places them in a uniquely perilous position when it comes to cybersecurity. 

Boardman Ohio and Small Town Medical Centers

In June 2019, a medical practice with an office in Boardman Ohio called N.E.O. Urology Associates^[1] fell victim to an incredibly costly ransomware attack. The hack was more or less a standard ransomware attack. The hackers found their way into the urology practice’s local systems, figured out where all of their data was stored, and hijacked it by totally re-encrypting everything they could get their hands on. Encryption is a powerful cybersecurity tool. Many security systems will employ, but that power is devastating when employed against others.

The hack took this small practice by surprise. It seemed to have cropped up as quickly as they noticed it. The speed of the hack and the practice’s lack of preparation cost them dearly. Not just in trust or inconvenience, but in their wallets as well. They reacted as quickly as they possibly could have after being on the back foot and blindsided by the attack, but it still took approximately 48 hours to resume business as usual. Over the two days of disrupted business, N.E.O Urology reported an average loss of around $40,000 a day. Notably, this massive financial hit does not include the $75,000 ransom eventually paid out to the hackers. 

It’s hard to believe that losing over $100,000 dollars in business and profit could be considered getting off easy, but N.E.O Urology was one of the lucky ones. Similar businesses that are running on razor-thin margins are often brought to their knees in the wake of similar attacks. For example, a pair of physicians in a Michigan-based medical had their documents seized and ransomed to the tune of $6,500. All of their appointments, patient information, and health records were encrypted out of their hands until they formally refused to negotiate with the hackers. The hackers responded by simply deleting every single one of their supporting documents. This $6,500 demand was enough to entirely undo their hard-won medical practice and deprived a community of their services^[2]. 

We can see that ransomware attacks aren’t just some internet boogyman. When they take hold, they quickly become a robust form of financial control over our local institutions. As a community of people living and working online we need to understand the damage ransomware attacks can inflict on small businesses^[3].

Why Is This Happening?

One of the cruelest ironies of our increasingly online world is our waning cybersecurity response. The convenience of easily-accessible digital tools and the internet’s proliferation into daily life has linked nearly every single aspect of work to the internet at every moment. However, this seamless integration into our lives has created a massive blindspot. We don’t look at our connection to the internet as a vulnerability the same way we do physical threats. We lock our file cabinets at night and put our tax documents in safes because we understand the damage that would be done were these documents to fall into the wrong hands. This same ethos needs to be spread to our cybersecurity plans.

Today, however, we stand at a security crossroad. Politically, culturally, and financially we find ourselves at an awkward standstill^[4]. Corporate interests are focused on generating a growing short-term profit for shareholders. This means that long-term investments in infrastructure that has no immediate benefit to an outside observer will find themselves on the cutting room floor in favor of methods that generate profits. Cybersecurity budgets tend to fall victim to this mindset, particularly with businesses that don’t see themselves as “operating online.” As we’ve seen with recent hospital hacks, businesses that operate in the physical realm still back themselves up with support from the digital world, and neglecting this reality will bring an operation to a screeching halt. 

Legislation has also done an abysmal job keeping up with security threats. We have no problem legislating physical threats, but in recent years cybercrime has been met with significantly less pushback. The Colonial Pipeline hack, for example, was a high-profile hack that was felt firsthand by the American people^[5]. Gas stations all up and down the East Coast ran dry, weekend plans for visits to friends and family were stalled out by empty gas tanks, and employees missed work simply because their local fill station had no wares to provide. Eventually, the government caved to the hacker’s demands and the legislative branch responded in an anemic and reactionary fashion. To this day, digital protections of the American energy sector are held together in a patchwork of ill-suited organizations and loose regulations.

White House officials say they’re unable to move harder on regulation without specific authorization from Congress. American Congress is filled to the brim with rapidly aging representatives with a marked lack of technical knowledge^[6]. This current state of the legislative body of the United States leaves a distinct cybersecurity-shaped hole in leadership which has a direct impact on how cybersecurity is viewed by the layperson. If the government can scrape by with the bare minimum, what is to light a fire under the butts of the mom and pop business?

How Can AXEL Go Help?

AXEL Go is a file storage and sharing service that is designed to revolutionize the way we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES-25 bit 6 encryption and decentralized server structure thwart cyber attacks on big businesses as competently as it protects local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.

---

Citations 

^[1] Finnegan, Joanne. 2022. . https://www.fiercehealthcare.com/practices/ohio-medical-practice-hacked-pays-75-000-ransom-news-report-says.

^[2] Finnegan, Joanne. 2022. . https://www.fiercehealthcare.com/practices/physician-practice-roundup-michigan-practice-will-close-after-doctors-refuse-to-pay.

^[3] Bergal, Jenni. 2022. “Ransomware Attacks on Hospitals Put Patients at Risk”. Pewtrusts.org. https://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2022/05/18/ransomware-attacks-on-hospitals-put-patients-at-risk.

[4] Marks, Joseph. 2022. . https://www.washingtonpost.com/politics/2022/06/24/cybersecuritys-bad-its-getting-worse/.

[5]. Ellen Nakashima and Lori Aratani 2022. . https://www.washingtonpost.com/business/2021/05/25/colonial-hack-pipeline-dhs-cybersecurity/.

[6] Magan, Veronica. 2022. . https://fiscalnote.com/blog/how-old-is-the-117th-congress.

We all love email attachments. They’re one of the most accessible and simple methods for distributing files. From word documents to media files, a quick click of the paper clip will attach a file to your brief missive and send it on its way. The ease with which we’ve been able to fire off information has changed communication online forever. However, there is a wildly disappointing and fundamentally compromising weak point in how we share email attachments. They last, effectively, forever. When we fire off an email attachment, we tend not to think about what happens to it next. We can put our trust in the recipient and their digital security hygiene. Still, we can’t do much about the fact that email servers necessarily hold onto your attachments for an indeterminate amount of time. What does that mean for the contents of your emails? How does this take control of your data out of your hands?

Let’s Talk Attachment

1992 was the year the first email attachment was sent. We have Nathaniel Borenstein to thank for that. It may surprise you to learn that the contents of the first email attachment were shockingly mundane. If you were to go back in time to receive this monumental document, you’d be greeted by a photograph of a barbershop quartet called the Telephone Chords. This aptly named quartet was able to travel through the screeching wires of dial-up internet thanks to Nathaniel Borenstein and his colleague Ned Freed. Together, they wrote an internet extension called Multipurpose Internet Mail Extensions (MIME). Their shared desire to get photos to their grandchildren over the internet one day in the future drove them to write this monumental internet extension.

Clearly, this extension was a hit. You can find traces of it, if not the extension in its entirety, in the DNA of your email services to this day. MIME has persisted well over twenty years by this point, and while its resilience speaks to the simplicity and flexibility of the process, we can see the cracks appearing in the news. Stories of email server hacks show us what MIME’s biggest weakness is: centralization.

We all know by now that the internet is effectively just a massively interconnected network of computers chattering back and forth at the speed of light. Some of these computers are responsible for storage. It’s a massive responsibility and a sizable vulnerability. Your email attachments, as we know them today, need to exist somewhere so they can be accessed from anywhere. Email is an indispensable tool that allows us access to our inboxes from anywhere in the world via the internet. Still, email as we know it is beginning to lag behind hackers’ latest advancements. 

Currently, we protect our emails during transit. This is done via an encryption process called Transport Layer Security, or TLS. This in-transit encryption scrambles your messages and your attachments until they reach their intended target. Any outside observer looking to pilfer an email as it leaves your computer will find themselves stumped. In response, hackers have begun looking elsewhere for your information — the servers they’re backed up on. Instead of trying to trawl for data during an incredibly narrow window, they’ve started cracking open the servers your emails end up on after you’ve hit send. The conveniences you’ve enjoyed, such as the ability to search up a conversation you had a decade ago in your high-school Hotmail account, have presented themselves as a surprising vulnerability in the age of ransomware and high-profile security breaches. While your emails patiently wait for the next time you pop in your password, they’re being poked at from every conceivable angle until the subsequent server breach occurs, laying every PDF and “I love you” at the feet of bad actors.

Protecting Yourself From Server Breaches

What can you do if you’re a digital native that does their work online? Your bread and butter are artfully crafted from your ability to contact clients and communicate with them as quickly and easily as possible. We are working online in unprecedented numbers (and those numbers are still growing). Every job application, family photo, and memoir draft is sitting somewhere, waiting for someone to discover it after you’ve attached them to an email. 

The simplest option, frankly, is to not engage in the first place. Today we have so many alternatives to email attachments that are as simple, if not more simple, to utilize and much more secure. If your business requires legal documents or personally identifying information from potential employees and clients, then consider outside services. E-signatures and expiring links are quickly becoming easier to use and much more ubiquitous for a good reason. E-sign sessions terminate the ability to alter or access a document once it has been signed, making them effectively as secure as a hard copy with the added benefit of removing a hacker’s ability to later access the personally-identifying information shared on the document. If e-signatures or expiring URLs aren’t an option, file-sharing services like AXEL Go now offer secure methods of submitting and requesting documents. AXEL uses secure fetch to generate an encrypted, personalized, and password-protected link that your clients can use to securely upload documents into your file storage, rather than relying on email attachments and their vulnerable servers. Anything that gets your documents off of an email server for an indeterminate period of time and puts you in control of who can access your data will put you and your business leaps and bounds ahead of the competition with minimal effort.

Revolutionize Your Attachment Style

AXEL Go is committed to creating an internet that is more secure by default. Our file-sharing service is intuitive, simple, and, most of all, safe. Our decentralized servers make server-side breaches effectively impossible, our AES-256 military-grade encryption easily stacks up to the TLS security that currently governs our email attachments, and all of our file shares come with an in-built expiration date.

You can try AXEL Go and all of its features for free with our 14-day trial. See the difference a simple, secure tool backed by our $10,000 guarantee can make in your practice today.

---

Citations

Marks, Joseph. 2022. https://www.washingtonpost.com/politics/2022/06/24/cybersecuritys-bad-its-getting-worse/.

Sjouwerman, Stu. 2022. “[Heads Up] The Bad Guys Have Likely Hacked Your Exchange Email Server”. Blog.Knowbe4.Com. https://blog.knowbe4.com/heads-up-the-bad-guys-have-likely-hacked-your-exchange-email-server.

Beatrice, Adilin. 2022. “You Are Being Redirected…”. Analyticsinsight.Net. https://www.analyticsinsight.net/critical-analysis-of-cybersecurity-in-the-government-sector/.

Stockton, Nick. 2022. “Meet The Man Who Gave The World Email Attachments”. Quartz. https://qz.com/186426/meet-the-man-who-gave-the-world-email-attachments/.

“Security & Trust Center | Google Workspace”. 2022. Workspace.Google.Com. https://workspace.google.com/security/?secure-by-design_activeEl=data-centers.

Telegram has become one of the top social outlets for people operating online that care deeply about their security and privacy. Group conversations that take place on Telegram are characterized as private affairs that are fully encrypted from the moment they leave your phone to the moment they arrive in your conversation partner’s inbox. This front-facing image combined with its unlimited file-transfer size, and its position as the “Anti-Facebook” has garnered the trust of well over 700 million users. It’s disappointing for the future of privacy and security on the internet, then, that Telegram and similar services have not been operating in their user’s best interests. Thousands of users have been exposing themselves to unique vulnerabilities that they may have been entirely blind to for years now. How can we protect ourselves online in a way that is effective and convenient? How do we know when a service has poorly represented itself before it’s too late?

Telegram WhatsApp and Security Missteps

Telegram’s story owes much to Meta’s mismanagement of WhatsApp user trust. For years, users of WhatsApp were trusting their conversations to the messaging platform believing that their data was securely in the hands of WhatsApp and no other company. In 2021 a clarification of WhatsApp’s privacy policy turned that understanding on its head^[1]. It turns out that, for years, WhatsApp had been sharing user data with its overbearing tech parent, Facebook. 

WhatsApp is a communication platform that advertises its privacy and security features above everything else. Naturally, this attracts users that are concerned about keeping their information secure and their conversations private. One could argue that this oversight falls on the user for glossing over the terms and conditions, this, however, ignores an unfortunate reality — we live in a world where fully reading and comprehending the terms and conditions for just 13 of the most popular apps on the market right now would take over 17 hours^[2]. Terms and conditions exist to obfuscate shady practices, as we saw with WhatsApp, and they operate in defense of Big Tech, giving their legal teams a leg up on the layperson. 

This revelatory reframing of WhatsApp’s practices turned millions of WhatsApp users off. When presented with the porous reality of WhatsApp’s privacy policy, Telegram, a similar service became a safe harbor to millions of users in a clearly-identifiable 24-hour period^[3]. Seeing a service that promised the privacy and security WhatsApp once claimed it had, Telegram and Pavel Durov saw a spike in downloads never before seen in their first seven years of business.

How Telegram Falls Short

It turns out that Telegram isn’t perfect either. Conversations will not benefit from Telegram’s end-to-end encryption until users dance through a brief series of hoops to enable a ”secret chats” feature, and even after doing so, they need to remember to flip the feature back on every time they pick the “secret” conversation back up. The feature works like a charm when engaged, but the fact that it must be reengaged as often as it does, leaves users twisting in the wind. Telegram users also tend to have their conversations in group chats, an area Telegram, and its encryption, fall apart. Group chats on Telegram are stored on servers, unencrypted, and open to prying eyes^[4]. Unfortunately, it seems like Telegram’s bid to become a home for private conversations has fallen short of expectations, and this shortcoming seems to be the norm when it comes to creating spaces on the internet that are geared towards privacy. The disappointment doesn’t stop there, either. Telegram’s encrypted conversations are run through a proprietary encryption process called MTProto rather than something established and well-proven like AES encryption^[5]. Telegram’s encryption has admittedly held its own so far, but it stands alone where more well-established encryption protocols have the benefit of shared knowledge between all of its users.

How Can We Maintain Privacy without Sacrificing Security?

It seems that the internet of today is going to remain constantly subjected to security shortcomings. As it stands now, the security onus rests firmly on the shoulders of the user. The internet as we know it is built on a series of services that rely on centralized infrastructure run by tech giants ready to trade your data for a quick buck. Terms are stacked against you, and companies that want to garner the good faith of law enforcement like the Ring Video Doorbell will poke a hole right in the middle of your expectation of privacy in exchange for an approving nod. There are three main things we can do as things stand, currently.

Start by carefully reviewing the terms and conditions for any service you add to your technology rotation. This can be a difficult thing to do on your own. Luckily, we have crowd-sourced summaries that break them down into plain, manageable English so you can make informed decisions as an end-user. Second, check for feature fine print, Telegram’s opt-in encryption is an excellent example of this. Design, speaks louder than words, so if you need to constantly flip a key feature on before you use it, then there’s a good chance that the app would rather you behave differently to their benefit. Third, you must diversify. Telegram may make group conversations easy and Discord may be an excellent tool for creating an online community, but neither of these services are built to protect your privacy or security like a dedicated file-sharing service.

AXEL Go is the perfect way to maintain excellent digital hygiene. Telegram and similar services will offer to handle your sensitive shares, but they will also hold onto your documents way past their intended shelf life. Their servers aren’t designed to protect your files the same way AXEL Go and its decentralized servers, are. AXEL Go uses military-grade AES 256 encryption, there are no surprises or lagtimes between it and cutting-edge encryption technology. AXEL Go also has zero interest in peering into your activity, your files are your own, and only yourself and authorized recipients are capable of seeing what your storage holds.

You can try AXEL Go and all of its features for free with our 14-day trial. See the difference a simple, secure tool backed by our $10,000 guarantee can make in your practice today.

---

Citations

[1] Condé Nast. 2022. “How Telegram Became the Anti-Facebook”. Wired. https://www.wired.com/story/how-telegram-became-anti-facebook/.

^[2]Axis, The. 2022. “It Would Take 17 Hours to Read the Terms & Conditions of the 13 Most Popular Apps”. PCMAG. https://www.pcmag.com/news/it-would-take-17-hours-to-read-the-terms-conditions-of-the-13-most-popular.

^[3]Joel Gehrke, Foreign Affairs Reporter &nbsp;|&nbsp;. 2022. “Telegram is ‘not a secure platform,’ NATO-backed strategic comms chief warns”. Washington Examiner. https://www.washingtonexaminer.com/policy/defense-national-security/telegram-secure-platform-nato-warns.

^{[4] [5]} Condé Nast. 2022. “Fleeing WhatsApp for Privacy? Don’t Turn to Telegram”. Wired. https://www.wired.com/story/telegram-encryption-whatsapp-settings/.

AXEL had the honor of hosting a roundtable with ABA GPSolo. Our very own Jeff Roper (VP of Business & Legal Affairs) along with Kassi Burns (Senior eDiscovery Attorney at King & Spalding LLP), and Rob Hook (Independent Consultant and Forensic Examiner) rolled up their sleeves to deliver the Top 10 E-Discovery and Digital Forensics Tips for Solo and Small Firm Attorneys. Since the world of work was turned on its head in 2020, we’ve had to adjust how we collaborate online, protect data, and look at digital security in the workplace. After a few years of first-hand insight, Jeff Roper, Kassi Burns, and Rob Hook share their insight with legal professionals and working professionals looking to absorb the knowledge they need to expand their businesses.

Challenges Facing Legal Professionals 

Legal professionals are held to some of the highest standards when it comes to storing and retrieving information online. The discovery process has been drastically complicated by the advent of the internet. As bad actors become savvier, sticking to those rigid ethical guidelines is more important than ever. 

Remote or decentralized workplaces present a new issue to working professionals in the form of new, unsteady norms. We understand intimately how long we should be storing hard copies of legal documents in-office. We understand the process of disposing of shredding docs and handing them over to professionals to destroy them permanently. We’re well-acquainted with keeping our personal devices separate from our work devices when sitting down at a desktop shared by the workplace. 

Burns asks us: how are you transmitting your client data, where are you storing your client data, and does your client data contain personally identifying information? These three questions are crucial to understanding cybersecurity’s gravity and potential vulnerability vectors. Your clients rely on your careful, rigorous security measures once they hand their data over to you. It’s also important to remember that your clients aren’t the only people putting their security in your hands during the eDiscovery process. If there is personally identifying information in that data that relates to your client’s customers and loved ones, then you’re also on the hook for their privacy and security.

Hidden Liabilities

One of the most challenging aspects of E-Discovery is the preservation of metadata. For the unfamiliar, metadata refers to data about the data you’re collecting. Most importantly, in the case of legal professionals, data related to dates of access and records of the most previous changes. 

By its very nature, metadata is ephemeral and easy to change. Rob Hook reminds us that this sort of data lies in a single bit (the smallest measurement of data) and when altered, it disappears forever. This can often be seen as a sort of security measure. The one-way nature of metadata, in most cases, provides us with an unadulterated view of the true nature of data being presented to us. The problem today comes from how many file storage and sharing services treat metadata once it’s handed over to their servers. 

Thanks to Kassi Burns, we were given the opportunity to examine how much information we’re truly working with throughout the eDiscovery process. Every email, text message, and file transfer opens our offices up to breaches. That means, in the discovery process, it’s essential to implement and utilize security measures wherever possible. Burns tells us if it needs to be emailed, we need to think about encryption, if we’re storing files, they need to be protected from the instant they’re retrieved, and if we need to use personal devices, then we need to ensure they’re protected as fiercely as the machines we use at work. Because we rely on hundreds of threads of information throughout our everyday lives, we should be equipping our colleagues with protective tools ready to catch any data that slips through the cracks.

Often, incomplete copies are made when we upload files to the cloud. Many file-sharing services will neglect to copy over and preserve metadata, instead choosing to overwrite it or alter it. This, in a legal setting, will often poke holes in otherwise solid evidence. The preservation of metadata is crucial to the eDiscovery process. Once we lose that single bit, we lose credibility entirely. Preserving credibility extends further than monitoring metadata. We also need to ensure that our colleagues respect and preserve the data gathered. Dispelling uncertainty by sharing a digital home for the data collected by your team ensures that you have backups, can monitor the data and that your team can access it from anywhere in the world without altering it after the fact.

Further Complications

Once we’ve dealt with the myriad obstacles presented in simply retrieving and storing documents in a way that accurately preserves them without compromising their integrity, we still have to deal with issues outside of simple shares. Are our internet connections being monitored? How do we manage to protect ourselves if they are? What do we do about colleagues using personal devices? How do we know if we’re even talking about the same thing? Rob Hook has several years of experience doing so and still to this day runs into this communication mismatch with seasoned tech professionals.

We need homes for our data that are easily accessible no matter the tech-savviness of the user. Features like secure fetch and automatic encryption provided by AXEL Go create a foundation of security that raises every practice, big or small, to levels of personal security that we have not seen to date. Uncertainty when it comes to tech is a natural part of existing online. That’s why file-sharing and storage have to become a process that is as simple as possible on the front end. We often take user experience for granted when discussing cybersecurity solutions, but creating easy-to-use solutions is the first step in getting users to commit to cybersecurity in a real-world sense.

Kassi Burns and her hands-on experience sheds light on the practicalities of keeping the discovery process as secure as possible. We live in a world where practically every interaction crosses over into the digital world at some point. We need to create access points on personal devices that provide the maximum amount of security with the minimum amount of friction. Securely requesting, sending, and retrieving documents needs to become second nature, and as a feature in file-sharing services, we should be expecting these to become the norm in the future.

What Does AXEL Go Do To Remedy This?

AXEL Go has been designed to improve and supplement the eDiscovery process. Military-grade end-to-end encryption built into AXEL Go allows legal professionals to send and retrieve files in a personalized bastion of security, decentralized storage solutions further protect these files by separating them into dormant shards until an authorized user calls them together, and most importantly, ease of use has been built into the system. Legal professionals with any level of tech literacy can jump into the eDiscovery process in a secure, private, and ethical manner with minimal entry barriers. The constant stress of building a secure network for your colleagues can be remedied simply by entrusting your data (and your clients’ data) to a secure source.

This year, our Roundtable landed on one crucial thing: we can improve the way we work online without fumbling over over-technical obstacles. A single secure solution to your discovery problems is just one click away. Thank you to Kassi Burns and Rob Hook for bringing your professionalism and invaluable insight to the roundtable. With it, we will build a more secure and robust internet and eDiscovery process.

Please take a moment to listen to or watch this roundtable, titled “Top 10 eDiscovery and Digital Forensics Tips for Solo and Small Firm Attorneys”, co-sponsored by ABA GPSolo and AXEL Go.

You can try AXEL Go Premium with all of its features unlocked for free by signing up for our 14-day trial. See the difference a simple, secure tool backed by our $10,000 guarantee can make in your practice today.