By default, WhatsApp chats are end-to-end encrypted, but the backups arent encrypted for iPhone users. To be on the safe side, you can enable end-to-end encryption for those WhatsApp backups. Heres how.

Start by opening WhatsApp on your iPhone. Next, tap the Settings (gear-shaped) icon in the bottom-right corner.

In WhatsApp Settings, select Chats.

In Chats, tap Chat Backup.

Under Chat Backup options, tap End-to-End Encrypted Backup.

The next screen will show that the Encrypted backup is off. Select Turn On.

On the next screen, tap Create Password.

Type a new password with at least 6 characters and one letter. Then, tap Next in the top-right corner. Retype the same password on the following screen, and tap Next in the top-right corner again.

Tap the Create button at the bottom to confirm that you want to create a new End-to-End Encrypted Backup. WhatsApp will prepare your backup with encryption and store it in iCloud.

Thats it! When you want to restore your WhatsApp messages backup, youll have to enter the same password that youve set for your encrypted backups. Good luck!

RELATED: How To Back Up and Restore Your WhatsApp Messages with Google Drive

See the original post:
How to Encrypt WhatsApp Chat Backups on iPhone - How-To Geek

Nearly a third of hospitals and health systems are planning to implement biometrics (29%), digital forensics (28%) or penetration testing (28%) within the next 24 months, according to new HIMSS research. (HIMSS is the parent company of Healthcare IT News.)

However, 43% say funding is keeping their organizations from executing on security challenges they have, the research shows. This is not good as healthcare remains a primary target of cyber criminals.

So Healthcare IT News has interviewed a cybersecurity expert to get his views on where healthcare cybersecurity will be headed in 2022. Manoj Srivastava is general manager of security, ID Agent and Graphus at Kaseya, a vendor of IT management software.

Q. What do you see on the horizon in 2022 when it comes to technological advances in healthcare cybersecurity?

A. There are at least three technological advances that will apply to healthcare cybersecurity and across other industries as well. They are password-less authentication, secure access service edge (SASE) and zero trust.

Will passwords finally become a thing of the past? Possibly. The use of password-less authentication is growing, as it can help healthcare organizations reduce security risks associated with passwords.

Eliminating passwords can reduce the risk for a data breach since compromised credentials account for a large percentage of breaches. There are various ways to verify identity other than passwords, including biometrics, such as fingerprints and one-time passwords, which require users to input a code that is either emailed or sent via SMS or used with an authenticator app.

An SASE combines SD-WAN and security into cloud computing, and is quickly becoming a VPN replacement for remote work and distributed offices. Security consists of digital identity, which may be connected to a person, device, cloud service, software or even an IoT system. SASE makes it more secure without the complexity and latency of the traditional WAN/VPN approach.

Finally, zero trust is a shift of network defenses toward a more comprehensive IT security model. It is about not trusting any user or any device even if it is already connected to the corporate network.

Anytime a new resource is requested by connected users and devices, re-authentication is required. Zero trust is a security model or a security architecture. Products supporting various security controls in a network are now supporting zero trust.

Q. What's going on in the tech side in the cybersecurity space? What new technologies/techniques are emerging?

A. There are two emerging technologies, homomorphic encryption and blockchain, whose impact on the security of the healthcare industry is particularly interesting.

Homomorphic encryption (FHE) enables people to collaborate simultaneously without revealing confidential data. By using an encryption scheme, users can run tasks on encrypted data producing the same encrypted results as if they were using plaintext.

Typical methods of handling sensitive data with collaborators may be at risk. When files are sent, they may be encrypted, but once in use, they are decrypted providing bad actors with opportunities to access the data.

FHE eliminates this by allowing people with access to manipulate the data, keeping it encrypted and reducing the time it is decrypted. Another feature of this technology is that it can restrict decryption access so people can view only the parts they've been granted access to.

Keeping medical records safely stored and protected has long been a priority, and challenge, for healthcare organizations. Blockchain tech may make it a little easier to achieve while minimizing fraud and the costs associated with it.

Through blockchain technology, patients can access their medical information through a collective network. This technology allows for greater security and privacy. Additionally, the information would be housed on a single, trusted platform where physicians and other medical personnel could access the same data. Updates would be available immediately to everyone at once potentially revolutionizing patient care.

Q. What does the next year look like when it comes to ransomware, and the volume of malicious attacks? And what should healthcare provider organizations be doing to prepare?

A. The industries most impacted by ransomware are the public sector, professional services and healthcare. In addition to the perception these industries can pay ransom, they tend to store large amounts of data and safety measures are not as good as they should be.

Bottom line no industry is immune from ransomware attacks, but these are the most vulnerable. Also, companies with 1,000 employees or fewer account for nearly 70% of ransomware attacks. With emerging variants always on the rise and attack vectors getting more sophisticated, it's safe to say ransomware attacks will continue to plague healthcare providers and society as a whole.

There are three interesting factors at play the U.S. government is determined to go after cyber criminals behind ransomware; there is increased international cooperation; and new regulations might get approved to track bitcoins and other digital currencies.

All together, these should bring down the number of high-profile attacks targeting critical infrastructure, including healthcare. But cybercriminals are not going to go away that easily. They might just change their tactics. Instead of targeting larger organizations and demanding seven-figure ransoms, they might just target a larger number of smaller organizations and demand only five- and four-figure ransoms to stay below the radar of law enforcement agencies.

To prepare, organizations should perform regular data backups and integrity checks of those backups, and provide security awareness training to employees to avoid phishing and other social engineering tactics.

Additionally, there should be a patch management system and discipline in place. Finally, limiting privileges to access files and directories also is essential to mitigate lateral movement of attackers if they were to breach non-privileged user accounts.

Q. What other cybersecurity developments do you think will be important for healthcare in 2022?

A. As the Internet of Things continues to expand its reach in the real world, including the medical field, IoT security will also need to be prioritized by healthcare providers. Thousands of devices that comprise the Internet of Things must be protected that includes items you may find in hospitals and healthcare centers, such as infusion pumps and remote patient monitoring devices, among others.

As tech expands, other intelligent medical equipment also will need to be safeguarded, as well as things we may use every day, from smart elevators to smart HVAC systems.

Twitter:@SiwickiHealthITEmail the writer:bsiwicki@himss.orgHealthcare IT News is a HIMSS Media publication.

See more here:
Cybersecurity in 2022: password-less authentication, zero trust, blockchain and more - Healthcare IT News

The Hill may be compensated and/or receive an affiliate commission if you buy through our links.

People have been spending the majority of their waking lives online more than ever. Due to the pandemic and how it forced us to transfer our work and social lives online, the average adult in the U.S. allocates an astounding 16:06 hours a day on digital media. That's a huge increase from the already questionable 12:24 hours spent online pre-pandemic.

With tech as your lifeline and most of your personal information being dumped within the crevices of the online web, the responsible thing to do is to protect your data whenever you connect to the internet. A VPN is one of the easiest ways to do that, and thankfully, you don't have to spend much to gain access to reliable services. This Cyber Week, a lifetime subscription to RealVPN is available for an extra 20% off with the code CYBER20.

Compatible with Mac, Windows, iOS, and Android, RealVPN works to deliver total online freedom. It encrypts all of your data and all Internet activities from any app on your device, making them unreadable once they make their way around the internet. Whether you're connected to a private network or a public WiFi, you can rest assured that your pertinent information remains safe and secure, including from your ISPs. You won't have to worry much about advertisers, either, as they will be unable to pinpoint your physical location.

With multiple VPN servers spread across the globe, RealVPN offers the best connection speed at all times. Most importantly, it uses high-grade encryption AES-256 for your personal data, so you can enjoy secure access whether you're online shopping or banking. You're also rendered anonymous online, allowing you to hide from anyone who might want to interfere in your conversations.

A subscription to RealVPN lets you protect up to 5 devices connected simultaneously via a single account. With the one-button feature, you can enable protection with just a quick click. A lifetime subscription normally retails for $249, but you can grab it on sale for $15.99 with code CYBER20.

Prices subject to change.

See the original post here:
Save an extra 20% discount on a lifetime subscription to this VPN service | TheHill - The Hill

Earlier this year, WhatsApp updated its policy and forced users to accept the changes if they wanted to continue using the app. This move caused heavy backlash for various privacy and security reasons and prompted users to reconsider using the app for personal communication.

WhatsApp privacy policy is terrible for user privacy, says Ashley Simmons, founder of avoidthehack!, a website that promotes online privacy and security awareness. It requires data sharing with Facebook, doesnt offer encryption for chat backups, and mines the metadata of your messages.

For instance, a WhatsApp blog post published in 2016 reads, And by connecting your phone number with Facebooks systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them.

After concerns like this garnered public attention, WhatsApp came forward with various clarifications, but by then, a lot of users had already started looking for alternatives like Telegram and Signal.

Today, WhatsAppstill has more than 2 billion active users, but discussions about dumping the app for another, potentially more secure messaging service are still going online.

Should users really consider leaving the app? Do suitable alternatives exist? We asked technology, social media, and privacy experts.

Simmons believes the time to dump WhatsApp was back in 2014 when Facebook acquired it. Facebook (Meta) may not be consistently reading the contents of your messages but they know other sensitive bits of information (metadata) such as who you are, who you talk to, which devices you and your devices communicate with, the time you sent the message, and from where you sent the message, Simmons says. In short, your privacy is silently being invaded.

On the other hand, experts like Jackie Leavitt, chief editor of Cloudwards, an online publication on cloud-based technology, believe dumping the app may be difficult as its free and nearly everyone around the world uses it. For instance, apps like Telegram and Signal still have a smaller user base. [These apps] dont have the spread WhatsApp does, so they cant functionally replace WhatsApps communication power just yet.

Viber, Telegram, Wire, Discord, and Skype are other options users are considering.

While people are open to alternatives, not everyone has made the switch to other messaging apps. So even if there are serious security concerns in using WhatsApp, ultimately, users may be forced to choose the app anyway, simply because most of their family members and friends are available there.

Finally, despite its popularity, the app doesnt cover everyone. Users who have limited access to the internet and smartphone cant be reached through apps like WhatsApp, says Derek Ting, co-founder and CEO of TextNow, a service that offers free calling and texting on any device without the need for another person to have the same app installed.

With all these factors working together, people have realized its not a good idea to put all their eggs in one basket, Ting says. And now people know alternatives exist.

Signal is currently the best alternative we recommend in terms of reach, security, and privacy-enabled features, Harold Li, vice president of ExpressVPN, points out. It is a messaging app created by Open Whisper Systems, now part of the Signal Foundation that created the end-to-end encryption protocol that is also used by WhatsApp, Microsoft, and Google. Signal is also open-sourced, allowing its security to be vetted by cybersecurity experts.

Simmons recommends taking a look at Threema and Element that require less (or hardly) personal identifiable information to sign up/use, offer strong encryption protocols, and collect minimal usage data (such as metadata described above).

Viber, Telegram, Wire, Discord, and Skype are other options users are considering, though not all necessarily place a premium on privacy the way Signal does.

However, despite the wide choice of alternative messaging apps, dumping WhatsApp may not be the best option for everyone. WhatsApp is not going away, as it has the backing of the largest social media company in the world, with a massive user base in countries where WhatsApp is one of the most common forms of communication, Ting says.

If you must be a part of your regular WhatsApp groups with little to no possibility of convincing your frequent contacts to use another messaging service, you have no choice but to agree with WhatsApps policy and continue using the app.

Thats why, ultimately, whether people should really dump WhatsApp comes down to personal choice and individual circumstances. If your entire household depends on it for school and work, it may be more feasible to continue with the app. However, if you have the opportunity to make a switch, it may be a good idea to find a more secure service that offers similar features but with more privacy options and transparent data sharing policies.

See more here:
Nows the time to dump WhatsApp, privacy advocates say - Digital Trends

( Boston, MA,05/30/14) Andy Yen, cofounder of ProtonMail. (see Jordan Graham story) (Staff photo ... [+] by Stuart Cahill) (Photo by Stuart Cahill/MediaNews Group/Boston Herald via Getty Images)

Proton CEO Andy Yen once worked at CERN before deciding to kickstart his encryption-focused company ProtonMail out of beta through a crowdfunding campaign. Since then, ProtonMail has expanded into a variety of privacy-preserving technologies, from rolling out a drive product and calendar product with enough intuitive access features that it could be a very real competitor to Googles GOOG suite of products to allowing for organizational control of different emails and releasing its own VPN product.

The company has been renamed to Proton, to adjust for its broader focus on privacy-enhancing tools outside of email. What follows are excerpts from my interview with Andy on his thoughts about encryption, bitcoin and the enduring importance of privacy. The questions and responses have been excerpted from a larger interview, and written out in a way that is more reader-friendly and focused, though the substance is there: the content of the answers matches almost exactly those in the full interview save a few formatting edits and changing the order of one question.

Proton is structured in an interesting way from ProtonMail to ProtonVPN what do you see as the full privacy stack of tools which can maximize encryption and minimize surveillance? How do you see Proton interacting with other privacy tools such as bitcoin and Signal?

As a business, were shifting from a single privacy product, ProtonMail to Proton as a privacy platform, privacy ecosystem as a privacy infrastructure for the future. Obviously when you think about privacy online, email is an important part because it is an identity many people say that it is the only identity that matters today, but it is still limited and that is why we introduced ProtonVPN to allow facility and access to ProtonMail services, thats why were doing a calendar and drive. Well be expanding on that ecosystem of course.

The way to really consider this is, in fact, all services that Google offers today are built and designed in a way to maximize the data they can collect in order to sell better advertising. You could take all of those products and services and rebuild them in a way that is centred around making privacy the default and being as private and as secure as possible. In fact, theres nothing that Google offers that couldnt be rebuilt in a better way, and that whole ecosystem could in fact be recreated in a privacy-first way.

And what you do see is different companies, different startups starting to pick up different pieces of that. Obviously, we have the email, VPN, file storage and calendar piece that were working on. DuckDuckGo is doing that on search. Signal and Telegram are adjusting this when it comes to chat. I think its a very healthy and vibrant fact that we have an ecosystem today where theres many companies in the space, and it becomes increasingly possible to replace more and more pieces of your online life with private versions of [products].

Blockchain is another element there. Weve been long-time supporters of bitcoin from the very beginning. [...] Its a means of independence. For the space to survive, for privacy to thrive, you need to be able to be independent. You need to be not under the control of lets say, big tech or even the banking system. This level of independence really needs to be there to be in order for you to really do what is best for users at all times. This is why we also support cryptocurrencies and we support it as a payment method.

I personally would like to see more adoption of cryptocurrencies, because I think thats something that leads us to a world where things are less centralized. Centralization is a very very big risk because it means a single company can essentially cut you off and kill you. Resilient systems must be decentralized. We are building a platform or an ecosystem, but we are working as much as possible to be part of a broader ecosystem because we know we cant do it alone.

(Paypal once restricted ProtonMails account, with one representative questioning if the service was even legal).

Youve spoken and written often about the negative effects of big tech monopolies. What are your thoughts on the acquisitions in the space something Ive been seeing in the space for example with Zoom acquiring Keybase.

There are acquisitions within the privacy space the Zoom/Keybase acquisition was a very specific one it was to try to repair the security and privacy reputation [of Zoom] that took quite a big hit last year. From the perspective of Proton, our business model doesnt allow us to be acquired by Google and become part of big tech. It simply isnt possible, it would undermine our value proposition and I think if you are building businesses in privacy that is something to keep in mind.

Very so often, a lot of people start companies solely for the purpose of selling them, and the usual buyers in the past were big tech. That avenue isnt possible for privacy companies and I think that is a good thing, because if it were possible, then big tech would just own everything and you would have a competition issue.

What about the pricing (for example app store fees) and talent effects of big tech monopolies?

The things that Apple and Google are doing on the app store clearly are anti-competitive in many ways. You cannot have a fair competition if you are mandated by your competitor to pay them 30% of your revenue. There is no market, historical or future, where fair competition can exist under those circumstances. This should be very obvious [...], its very obvious to us. It took quite a long time for lawmakers to realize that this is an issue and theyre starting to realize its a problem now and thats why were seeing action on both sides of the Atlantic to pursue that.

[...]

Its also very bad for privacy, because if you look at the advertising business model, they dont charge for their product. The way that they work is that you get the product for free and theyll monetize you off of your data and using your most intimate and sensitive information to basically sell you ads.

A service like Facebook, honestly, would never have the payback fee but assume there was a more responsible version of Facebook that was going to subsist off of subscriptions instead of massive data abuse. That service would because of app store policies be put at a competitive disadvantage. Theyd have to pay fees that the bad business models dont have to pay. What the app store fees are essentially doing is strongly favouring ads-based business models which are bad for privacy and through that way, consumers around the world are harmed as a result of this.

[...]On talent, its an interesting question big tech because of their size sucks up a lot of the talent in the tech sector. But I believe what weve been seeing in the last year or last two years has been the rise of employee activism in that employees care of course about making a paycheck [...] but theres also more and more people [...] who also care about what theyre doing in their life. [...] If you care about those things, and there are bigger and bigger proportion of people these days, especially young people, then you ask yourself the question: do I want to spend my life working at the worlds biggest ad company, and abuse data to optimize ad returns? Or do I actually want to build the Internet of the future that defends democracy, defends human rights and ensures freedom for all?

-

It has been an interesting year for Proton, which has seen it launch new products, and continue building as part of a privacy ecosystem a place where parts of the Internet, including cryptocurrencies, Bitcoin and the broader encryption ecosystem are gradually building towards.

View original post here:
An Interview With Proton CEO Andy Yen On Big Tech, Bitcoin And The Enduring Importance Of Privacy - Forbes