Security Bundle: Get to Know Rocket.Chat’s Newest Weapon For Secure Messaging

Lucia Fallavena
February 10, 2021

As companies went fully remote, keeping teams connected became their top priority. The need for digital communication apps led companies to choose popular tools, like WhatsApp, Slack, MS Teams, and cloud-based apps. While extremely popular, such tools also pose serious security risks. So how can companies deal with sensitive information in a secure manner?

Read More: Is WhatsApp safe for companies? A quick guide for secure messaging

Why Companies Are Moving Away from Risky Applications

In the past two years, 53% of organizations in the USA had at least one data breach, as pointed out by the Ponemon Institute report. Message encryption, such as end-to-end encryption (E2EE), has evolved from an optional to an essential component of businesses’ security stack.

At Rocket.Chat, accelerating businesses’ productivity through secure communications is a top priority. As the world’s open-source communication platform, we're considered one of the most secure communication hubs. However, being one step ahead of hackers is a must to ensure safe digital communications. That’s where the Security Bundle enters the picture.

Security Bundle: What Makes This a Powerful Security Weapon?

The Security Bundle offers clients a way out of the unsafe closed-source communication world. Security teams won’t worry about risky apps carrying their companies’ valuable information away anymore.

Theo Renck, VP of Product

The Security Bundle is one of the first additional roadmap improvements resulting from our Series A funding round.

The package is composed of three essential security tools:

  • Data Loss Prevention app
  • Open-source Antivirus app
  • E2E encryption Improvements

Keep on reading to learn more about each one of them.

1) Data Loss Prevention App

Data loss prevention (DLP) is a set of tools that ensures sensitive data is not misused, lost, or accessed by unauthorized users. Driven by regulatory compliance, it classifies controlled and confidential data and helps companies identify violations of the policies their organizations define.

Ultimately, DLP is meant to prevent human errors from putting a whole organization at risk. In fact, this report from TechRadar pointed out that human error caused 90% of the data breaches observed in 2019 for small businesses and enterprises. More often than not, data breaches happen when sensitive information is sent to the wrong person.

Once any violation is detected, DLP immediately enforces remediation with protective procedures that will limit end-users’ actions and intercept malicious data.

Do I need Data Loss Prevention?

The answer comes down to your specific business needs.

Here are a few questions to keep in mind when considering DLP:

  • Is your company concerned with preventing unauthorized disclosure of data?
  • Does your organization collect or store Personally Identifiable Information (PII), Payment Card Information (PCI), or Protected Health Information (PHI)?
  • Is your company subject to compliance regulations, such as GDPR (if you are in the EU) and HIPAA (for PHI), that require you to protect your customers’ sensitive data?

If you answered a strong “YES” to any of these questions, then you should consider DLP as a crucial security solution.

How does our DLP app work?

Rocket.Chat's DLP features help users to identify, classify, and protect their company’s data. By using it, admins can create a list of regular expressions to be monitored in Rocket.Chat. Once a match for one of these regular expressions is detected, it appears blurred in the room where it was originally written. The original message is forwarded to a predefined channel for an auditing flow, where a moderator can approve or reject showing its content in the room.

You can add as many moderators as you want to check the moderated words. It’s also possible to select the rooms in which the DLP rules apply. If you have channels within Rocket.Chat where a leak of sensitive information is more likely to happen, such as the finance team channel, you can set the tool to run just in those specific channels. Check the video below to see more details:

/wp-content/uploads/2021/02/106592399-77c65e00-6575-11eb-8cc7-fcd2fbeed775.mp4
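
The flow described above (monitored regular expressions, blurring in the room, forwarding to an audit channel, moderator approval) sketched as a stand-alone added example. It is not Rocket.Chat's DLP app code or API: the `policy` object, `processMessage`, `moderate`, the room and user names, and both patterns are assumptions made for illustration.

```javascript
// Constructed policy: patterns, room names and moderators are illustrative.
const policy = {
  patterns: [
    /\b\d(?:[ -]?\d){12,15}\b/,          // card-number-like runs of 13-16 digits
    /\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b/,  // IBAN-like strings
  ],
  monitoredRooms: new Set(['finance']),  // DLP rules apply only in these rooms
  auditRoom: 'dlp-audit',                // predefined channel for the audit flow
  moderators: new Set(['alice']),
};

const auditQueue = new Map(); // message id -> held original message

// Returns the message as it should appear in the room it was written in.
function processMessage(msg) {
  if (!policy.monitoredRooms.has(msg.room)) return { ...msg, held: false };
  let hits = 0;
  let text = msg.text;
  for (const p of policy.patterns) {
    // Rebuild with the g flag so every occurrence is replaced and no
    // lastIndex state leaks from one message to the next.
    const re = new RegExp(p.source, p.flags.replace('g', '') + 'g');
    text = text.replace(re, (m) => { hits += 1; return '█'.repeat(m.length); });
  }
  if (hits === 0) return { ...msg, held: false };
  // The cleartext leaves the room and is kept only for the audit channel.
  auditQueue.set(msg.id, { original: msg, forwardedTo: policy.auditRoom });
  return { ...msg, text, held: true };
}

// A moderator's decision: the original text on approval, null to keep it blurred.
function moderate(id, user, approve) {
  if (!policy.moderators.has(user)) throw new Error('not a moderator');
  const entry = auditQueue.get(id);
  if (!entry) throw new Error('nothing held for ' + id);
  auditQueue.delete(id);
  return approve ? entry.original.text : null;
}
```

Blurring only the matched span keeps the rest of the message readable, but the held original still contains the sensitive value, so access to the audit channel needs to be as restricted as the data itself.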

2) Open Source Antivirus Plugin

The release of Rocket.Chat 3.11 will bring a brand new open-source antivirus, ClamAV, to our users. The open-source (GPL) antivirus engine is used in a variety of situations, including email scanning, web scanning, and endpoint security.

Features included in ClamAV

  • Command-line scanner.
  • Virus database updated multiple times per day.
  • Built-in support for various archive formats, such as Zip, RAR, Dmg, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS, and more.
  • Built-in support for ELF executables and Portable Executable files packed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor, and more.
  • Built-in support for popular document formats including MS Office and MacOffice files, HTML, Flash, RTF, and PDF.

3) End-to-End Encryption Improvements

End-to-End encryption (E2EE) allows users to communicate privately, without the cleartext of their communication being visible to administrators on the server.

Read Also: Secure messaging: what makes Rocket.Chat a safe platform?

For Rocket.Chat 3.11, we’ve fixed bugs and added new capabilities for E2EE as a kick-off for significant enhancements to come to this feature throughout the year.

Main E2EE improvements:

  • Discussions can now leverage the full E2EE capabilities like the other channel types
  • Encryption key changes just got a lot easier: now you can correctly continue E2EE chats with a new encryption key after a proper key reset.
  • New global setting: create private channels encrypted by default.
  • Toggling the E2EE setting in a channel now creates system messages, in addition to the already existing key icon, informing channel members whether the setting has been changed recently.
  • Messages are rendered and blurred in E2E encrypted rooms when waiting for the user to insert the E2EE key.

Last but not least: bugs related to flickering channels and invisible messages were also fixed for Rocket.Chat 3.11.

Stay Tuned: More Security Improvements Expected For 2021

We plan to release more security improvements throughout 2021, making Rocket.Chat more user-friendly, configurable, and secure for our users. Make sure to always check out our blog and its Product section as well.

If you want secure messaging at your fingertips or are still wondering how to make your digital workspace safer, shoot us an email. We’ll happily get in touch with you!

Product Marketing Manager at Rocket.Chat. Lucia keeps our readers informed about the latest Rocket.Chat product news & improvements.