More than a million small and medium businesses (SMBs) worldwide can now access a Brisbane-built, ransomware-proof zero knowledge encryption and data backup tool after fast-growing firm Cryptoloc secured a deal to integrate its technology with the Microsoft 365 productivity suite.
Users of the platform – which is used by around 1 in 3 SMBs worldwide, according to Statista – can now leverage Cryptoloc’s novel three-party encryption system to store their Microsoft 365 documents in a heavily encrypted, secure cloud repository called Cryptoloc Cloud that offers version control and continuous data backup.
The company’s novel approach to encryption – which put the company on the world stage after Forbes named it as one of the world’s most innovative security solutions – both uses unique encryption ‘tokens’ to lock data access to a specific device, and enables users to designate a trusted third party that can hold an emergency access key in escrow so the data can be recovered if a mobile phone or laptop is lost, or a key contact becomes unavailable.
Anybody else – and even Cryptoloc itself – is physically incapable of accessing users’ data without the device and token.
This, executive chair and founder Jamie Wilson told Information Age, means Microsoft 365 users can now store their critical business documents in a secure environment that can’t be compromised even if cyber criminals buy or download valid credentials on the dark web – an increasingly common practice that has recently led to the compromise of targets including Dan Murphy’s, Dymocks, Latitude Financial Services, and many others.
“I could give you my username and password right now, like a lot of breaches now where cyber criminals find them on the dark web,” he said. “But without that unique token, it’s pointless: you can’t see any of the information, and it’s all encrypted uniquely.”
By making data inaccessible to ransomware or malware, Wilson said the Cryptoloc approach solves many of the pain points that are savaging SMBs that are often run by people with limited technical knowledge and little understanding of how to secure their data, or protect it from ever smarter cyber criminals.
“The problem is that with current encryption, it’s always the individual that has full access,” Wilson explained. “If they get hit with a ransomware attack or they’ve had a vulnerability, [attackers] get full access to the kingdom – and if the individual loses access, they can never regain it.”
Improving data security had become even more important given that cyber criminals’ increasing use of generative AI (genAI) has tightened the screws further, powering voice and video deepfakes and allowing attackers to bypass multi factor authentication (MFA) security mechanisms by tricking users into giving them one-off verification codes.
“The scams have become a lot more sophisticated, and because it’s challenging for many to be able to pick it up, it has just been an open walk for a lot of these cyber criminals,” Wilson said, noting that many SMBs end up paying ransom demands because they “don’t know what else to do… they get stressed, and just hope that nothing happens to them.”
“That’s why it’s critical to make sure that we protect the data from the physical devices,” he continued, “or where it’s generated from. They know they don’t have to worry about backups, and if they lose their laptop they’ve still got all their information – and they know it’s secure.”
A coup for Australian encryption
Cryptoloc’s success in securing the Microsoft partnership – which was acknowledged by Queensland Premier Steven Miles as “a testament to Queensland’s thriving innovation ecosystem [that is] setting the pace for global data security” – also confirms that Australia’s strength as a developer of encryption solutions has survived concerns years ago that back-door provisions in the new encryption legislation would destroy the global reputation of Australian security specialists.
“Fortunately, those days are well and truly gone,” Wilson said, noting that with zero-knowledge solutions like Cryptoloc’s in place, “even if someone put a gun to my head [to expose user data] I couldn’t help them.”
The partnership with Microsoft – which took months of negotiations and visits by senior Microsoft security experts to validate Cryptoloc’s technology – marks a significant win that is likely to drive even more growth for Cryptoloc, which in recent years has expanded to offices in the US, UK, Japan, and South Africa.
That level of security and control led Brenna Robinson, Microsoft general manager for SMB and Microsoft 365, to note that Cryptoloc’s integration with the productivity platform “demonstrates how businesses, especially SMBs, can enhance their operations while maintaining high security standards.”
“It’s about enabling businesses to work smarter, not harder, in today’s digital landscape.”
Jamie Wilson will appear at the ACS Tech Summit Jamie as MC of the cyber security panel. The ACS Tech Summit is one-day event in Brisbane on 31 May. See the detailed program, speaker line-up, and registration information here.