Bahrain: Is it possible to send sensitive information securely?

Today, the risk of cybersecurity breaches is at an all-time high with nearly all aspects of our lives becoming completely digital.

Earlier this month, the Central Bank of Bahrain instructed all financial institutions, including banks and insurance companies, not to send any e-mails or SMS with sensitive information. Instead, they were urged to find alternatives with increased security.

We have reached out to financial institutions and technology companies in Bahrain to gain some insight into how they currently transfer sensitive data, how they ensure the security of their clients’ information, and how this could be improved.

Christian Rasmussen, CEO of Beyon Connect, says that this move by the CBB is a key step towards ensuring individuals’ rights to safer access to their data. Beyon Connect naturally endorses the move as it is directly aligned with their initiatives and products recently launched in Bahrain – OneBox for secure digital communication to all citizens and OneID for providing all individuals a digital identity that can grant access to trusted digital sources of information from public and private sector entities.

How does your organisation currently transfer sensitive information to clients?

With OneBox, every single communication between the sender and the receiver happens within a closed ecosystem and platform, where all data is fully encrypted. Both the sender and the receiver are validated through their biometric CPR card or Passport. The communication cannot be intercepted, opened, or tampered with during transmission or when the receiver receives the official letter.

What is the most secure way to send and receive sensitive information? Why?

The most secure way to communicate with your clients is through highly advanced digital communication platforms that ensure the data and privacy are preserved end-to-end, and that once the official letter is sent to the client, it remains in their possession and under their control.

We went forward and brought our most advanced and secure communication solution – the OneBox – to the region, for this reason. Legal entities can communicate with their client only on the basis of knowing their CPR or Passport number. Since senders cannot guarantee that nobody else reads your emails, check who has access to your email, or if you have access to it at all – this solution gives the sender a unique opportunity that they did not have previously.

When your clients’ security is suspected to be compromised, what steps do you take to safeguard their information?

As all our clients’ data is fully encrypted with their own digital certificates and keys stored on their smartphones, you simply cannot use the data without having the certificate, the phone, the individual himself and the known passwords as well as facial recognition to decrypt it.

Furthermore, Beyon Connect collaborates with the local authorities to ensure that all corners of the platform and the data exchanged on it are fully safeguarded and governed to ensure the privacy and protection of the citizens’ information.

Emails and SMS are the easiest and most common modes of communication. Do you have any alternative methods for sharing data securely while also providing convenience to the client?

E-mails, SMS, and other SoMe channels can seem like the perfect and easy way to communicate with your clients, but in reality – you do not necessarily own the data anymore once you have transmitted it to the client. Furthermore, most of the options available have the imperfect complexity that you have no assurance if the end user actually is who they say they are and if they ever received the official letter. And this can always be questioned unless you use a closed ecosystem and digital postbox system like OneBox for communication and OneID for validation.

Financial institutions generally have a very good record of protecting clients’ financial security and have already established methods in place to do so. What was the need for the government to give these instructions?

While it is true that almost all financial institutions have a very good understanding and control of their communication with their clients, personal dialogues are still often managed through alternative and less secure channels. And in the process, the clients tend to think it is fine to exchange personal information back to their point of contact.

Another aspect often overlooked by the legal entities is that you need to be able to hand over the documentation to your clients either on a permanent basis or upon request – which gives you quite a headache, if you suddenly have to sort out all your existing clients’ documentation and personal information. It is much better to hand it over to the clients directly, when you initiate the first communication thread – which is what we aim to do with OneBox and essentially remove all need for physical and insecure communication between any sender and their clients.
