Companies are using unreliable and unprotected methods and tools that do not have a security basis for encryption.
Marc Hocking, chief technology officer at Becrypt, claimed that he had seen instances of Winzip being used as an encryption product to send sensitive files.
Hocking said: “Winzip was never designed with security in mind; it was designed for compression rather than security. People are not putting policy in place but the question is how to communicate to them to ensure that they do.
“I talked to one company who were using file folder encryption as an encryption product as they thought that whole-disk was too slow. So they used file folder assuming that it would encrypt what they needed.
“The fact that they believed that gave themselves a false sense of insurance and this is a problem we are seeing in companies and a lot of education is needed. We should be asking ‘are you buying products for the right thing?'”
Hocking claimed that there is a problem with the technologies that people seem to use now being re-badged as security products and that is where the vulnerabilities are going to be in client implementation.
“This is a cultural thing, making sure the tools are there but if guidance is not there it breaks down so you have got to have the tools to backup the culture,” said Hocking.