The government is urging Americans to prioritize end-to-end encryption for messaging following one of the largest cybersecurity breaches in history. It was called Salt Typhoon, and it hit major telecom companies like AT&T and Verizon, exposing vulnerabilities across critical infrastructure. The FBI, NSA, and CISA responded with direction to help safeguard communications, with end-to-end encryption as the key defense.

What is end-to-end encryption? It sounds fancy, but mostly it’s like have strong passwords baked into the messaging when you are texting. When there’s end-to-end encryption, it’s almost as if there are passwords on both sides of the message, but no one has to enter them to view the message.

You may have noticed your messaging sometimes says RCS, which stands for Rich Communication Services. This is Google’s version of end-to-end encryption. Use it whenever possible. Apple’s version of RCS lacks encryption, and messages sent between iPhone and Android users still default to unencrypted SMS or MMS. Apple’s iMessage provides secure communication between Apple devices, but messages to non-Apple users revert to less secure methods. Facebook Messenger also has gaps, as some messages are encrypted while others, like Marketplace or business chats, are not.

WhatsApp and Signal lead the way with built-in end-to-end encryption. Signal, favored for its strong privacy ethos, doesn’t store sensitive user data. WhatsApp’s widespread adoption makes it practical, though its parent company, Meta, has faced privacy concerns.

Encryption isn’t a silver bullet. If your device is compromised, hackers can still intercept data. You can mitigate risks by regularly updating your software, avoiding suspicious downloads, and rebooting your device at least weekly to disrupt potential attacks.

(If you haven’t rebooted your phone in the last week, do it now.)

Hackers target the weakest link, and outdated communication methods like SMS remain vulnerable. As Kory Daniels of Trustwave puts it, “Threat actors go where the masses go.”

Think of encryption like birth control. You take all the necessary steps to prevent pregnancy, but sometimes it happens anyway. The only way to protect yourself fully is abstinence. In this case, abstinence means NEVER sending any sensitive information through an unencrypted messaging platform.

The recent Salt Typhoon cyberattack on major telecom companies has highlighted serious security risks in messaging systems. This is particularly important for businesses that often share sensitive information through text messages.

Action Items:

1.   Audit Your Current Messaging:

•     Make a list of all platforms your business uses for communication (texting, messaging apps, etc.)
•     Note which employees use which platforms to communicate with clients/vendors
•     Identify what type of sensitive information you’re currently sending through messages

2.   Switch to Secure Messaging Apps:

•     Use WhatsApp or Signal for business communications when possible

○     WhatsApp: Good for international business communication

○     Signal: Best for highly sensitive communications

3.   Set Clear Communication Policies:

•     Create a list of what information should never be sent through regular text messages (SMS), such as:

○     Financial information

○     Passwords

○     Client personal data

○     Business account details

4.   Device Security Basics:

•     Implement a mandatory weekly device restart policy for all business phones
•     Keep all devices and apps updated
•     Train employees to avoid downloading suspicious files or clicking unknown links

5.   iPhone/Android Considerations:

•     Be aware that messages between iPhones and Android devices are not automatically encrypted
•     Consider standardizing your business on one platform if possible
•     If using both platforms, use WhatsApp or Signal instead of regular texting for sensitive information

Remember: Treat unencrypted messaging like a public conversation – never send sensitive business information through it. When in doubt, use WhatsApp or Signal, or switch to a phone call for sensitive discussions.