
B2B companies of HN, how do you communicate with each other privately? I'm struggling to find a secure communication medium.

Setting up PGP is annoying and also requires recipients to have it. Emails are clearly not private. WhatsApp, Messenger, Signal and Telegram are a bit personal (most require a phone number, and companies don't provide phone numbers to all people). SMS/phones are also not secure. LinkedIn premium is expensive monthly and doesn't provide a good messaging UI.

Oh, the reason why I ask B2B specifically is because consumer products can communicate through their platforms where users already have accounts. They're either enmeshed in platforms or have their own platforms.




Frankly, focusing on the absolute security of the communication medium isn't a real issue for 99% of business purposes.

Phone calls are secure enough for most purposes. At the upper levels of business, e-mail is used for quick notes and corrections, but the heavy lifting is going to happen in phone calls and other real-time communications.

Techies sometimes put too much emphasis on things like cryptographic security of the communication channel or strength of encryption, when in reality it doesn't matter for phishing attacks like these. You could go to great lengths to get your customers set up on Signal or Telegram, but it doesn't matter the second they get an e-mail phishing attack that says "Hey, I got a new phone, locked out of my account, can you just attach the document here?"


I've worked across companies in shared Slack channels. And also linked Facebook Workplace instances.


> When I was an investment banker, I once negotiated a billion-dollar swap deal with the chief financial officer of a foreign company. I was pretty sure he was the CFO. He had business cards. He was smart and knowledgeable. I met him, once, at the company’s offices, though after that we only spoke by phone. Our local banker knew him. When we signed the deal we got representations of authority and so forth. But at some point someone on my desk asked how I knew that he was really the CFO of this company. What if he was just some guy, taking my bank for a billion dollars? What if he snuck into their offices to meet with me? What if the office I went to, on a brief and busy visit to a foreign city, was fake? What if he was the company’s janitor? What if our local banker—a relatively new hire—was in on it too?

- Matt Levine https://www.bloomberg.com/opinion/articles/2020-01-14/blackr...

So the answer seems to be normal communication tools and methods plus lots of trust and prayers.


Firstly, a swap is generally traded "on market", i.e. at nil market value (the value of the two legs in the swap are the same), so his bank would never have been a billion at risk.

Secondly, banks have unbelievably onerous KYC processes, and he would not have been able to trade with any counterparty that hadn't been through that (there'd be no legal master agreement, no collateral support or margin agreement, no payment authorisation, no way to even book the trade in the bank's systems).

So that anecdote is just... bullshit.

(Source: used to be a swap trader at a big bank)


Nobody does a billion dollar deal without a very thorough investigation. They do this even when you're hiring someone, imagine for deals like this. It would be virtually impossible to fake everything needed for a deal of this size to go through.


The article is about a company which fell for a fraud like this. They did not lose a lot of money, but they lost a lot of credibility. I, for one, found it interesting that all the investigation and due diligence didn't catch the fraud before investor relations published their press release. The checks and balances definitely failed in this instance, and I am sure this is not the worst case of such fraud in history.


You might try a Matrix chat app, https://element.io/ or some such. It's encrypted, you could run your own Matrix homeserver for maximum control too.


For large customers, we usually set up a shared Slack channel. It’s strongly authenticated when compared with email (where spoofing or impersonation is easy).


Do you mean e.g. how company X (vendor) communicates with company Y (client to company X)?


Keybase is not linked to phone numbers and has a mechanism for authentication via linking Twitter/GitHub accounts (no LinkedIn though).


Keybase supports file transfers also. I highly recommend it.


I was extremely happy when Keybase arrived, it seemed perfect for exchanging encrypted secrets with co-workers or clients.

But suddenly they insisted I install a stupid chat client that wants to update every other day, and run on startup. I've stopped using it.


LinkedIn but not Signal? Isn't this a problem with a clear solution? Use a phone number with Signal.


Wire is more popular in the EU but does this.



