What are the core security differences between a Secure Collaboration solution (Wickr) vs enterprise email and other forms of communication systems?
- A compromise of email or other hosted communications solutions will expose message contents and files.
- While Wickr stores encrypted files and encrypted messages, it does so with this in mind:
- It keeps data only for the length of time specified by the user. So while the risk isn't eliminated, it is mitigated with the use of Expiration and Burn On Read (BOR).
- If Wickr’s infrastructure is compromised, messages and files are never accessible.
- Wickr user messages and files are encrypted 3-times: server-to-server, device-to-device, and user-to-user.
- Wickr never has the ability to access data and can therefore never expose data sent through our product or service.
- With Wickr's encryption techniques, it would take an average computer working 24x7x365 the lifetime of the universe to guess a single key, and these keys are rotated per message.
How easy is it to perform enterprise level management of Wickr vs email solutions? What’s the enterprise user experience like?
- Much like setting up a new Gmail account, setting up a Wickr account is a straightforward process that takes just a few minutes.
- For Wickr Me - the free consumer product - users simply create a username (Wickr ID) and a password.
- For AWS Wickr - the enterprise product - a network administrator starts by setting up an administrator account. Once created (usually no more than 3 min), the network administrator sends emails inviting end users to download and activate their AWS Wickr apps on mobile or desktop.
I can easily connect with people using email. How easy is it to connect to Wickr users I want to communicate with?
- With email you can import contact lists to connect to your existing contacts. Wickr follows the same process. When setting up your Wickr app for the first time, you’ll be prompted to allow the app to “Access Contacts”. From here, the app will show which of your contacts are on Wickr so you can communicate with them securely.
- For AWS Wickr, finding AWS Wickr contacts can be accomplished by searching for their email address and adding them to your contact list.
- For Wickr Me, finding users can be accomplished by searching for their Wickr Me username and adding to your contact list.
What about enforcing strict retention policies and controls?
- In Wickr, administrators can enforce policies for message retention similar to email retention policies.
- Retention can be customized for different groups of users or teams (Security Groups) depending upon internal policies and compliance requirements.
- Wickr users can increase the protection of their messages and files by using the Burn On Read timer for particularly sensitive business information.
- For highly regulated industries and teams, Wickr Enterprise administrators (on-premise deployments and dedicated hosted environments) can leverage the compliance capability to enable archiving of specific types of communications on the network in a manner that is transparent to all participants. For example, when a litigation hold is issued for specific users on a legal team, admins can quickly enforce a preservation policy for a specified period of time and a group of staff. As retention is enabled through a 3rd party archiving solution, customers are responsible for protecting retained communications outside of their Wickr network.
- Important to note: unlike email, if you set strict policy controls using Wickr - let's say a 30-day retention - it in fact means that communication will be deleted with mathematical certainty from all devices that received or sent the communication.
- With email, you only control retention on your end. The terms of storage on the receiver's end are entirely out of your control, which creates unnecessary risks and uncertainty. In addition, the recipient of your emails can always easily print your communications (the feature is available in any email client) with attached and verifiable timestamps, and you have no visibility or control over these actions.
Can we collaborate on a document prepared in a word format, revise, and then store?
- Work tools like G-Suite, Office 365, Box, and Dropbox allow users to send documents, render them in a browser or app, collaborate inline/online and store/share them in public share drives. This makes it easy to share edits to a document, but it also creates risks when anyone can add participants and edit documents beyond your control. This may be fine for trivial work tasks, but isn't sufficient for sensitive and high-target business collaboration when it is important to retain control over access to proprietary documents and commentary.
- With Wickr, you and those you trust on your network are the only ones who have access to your proprietary information. Neither Wickr, nor any other 3rd parties have access to your communications, which significantly minimizes your risk in case of a breach since all data is encrypted on the end points and never touches Wickr servers in plain text.
- Wickr does not provide direct inline/online document collaboration in real-time. Wickr users can work locally on documents (or through 3rd-party cloud-enabled shared drives), send encrypted documents or links through Wickr and receive updated documents securely back through Wickr. In addition, teams can use Wickr's Secure Rooms as a shared file repository or a vault to maintain full control over permissions and documents.
What type of integrations does Wickr support?
- Wickr Enterprise administrators (on-premise deployments and dedicated hosted environments) can leverage the bot capabilities to enable specific types of 3rd party integrations on their network. Enterprise customers can host multiple bots that provide a variety of functionality to Wickr users on their network.
What are the first steps to begin messaging another Wickr User?
Once you’ve activated your account, you will now want to begin with:
- Creating a Room or Conversation by selecting the “+” - on Desktop this will show in the upper Left of the Wickr application, on iPhone & Android it will be at the bottom of the application.
- During Room creation you can add your team members. Think of Rooms as areas in which you collaborate within a structured discussion, for example Executive Staff, BoD Comms, HR, Incident Response, Research, Legal, etc. Simply add your team members and begin messaging.
- For Conversations, these are used for 1:1 or 1:few messaging & calls outside of the standard ongoing Room discussions
- Establish how long message/content remains in Rooms and Conversations by selecting the Expiration & BOR settings
- For Rooms, when you define a Room you are by default a Moderator - always choose at least 1-2 other Moderators by “crowning” them. Moderators control who can be added to a Room and control the message settings.
What is Expiration and Burn-on-Read?
Auto-Destruct settings govern the time at which content (messages and/or attachments) is securely destroyed. Currently, there are two settings:
- "Expiration" sets the empirical maximum amount of time content may live; it starts counting when the content is sent.
- "Burn-on-read" sets the amount of time after a recipient views the content before it is destroyed; it starts counting as soon as content is marked as "read" but will never extend the life of the content beyond the destruct time determined by the "Expiration" value.
Why can't I set Expiration to be longer?
Administrators can set global Expiration and/or Burn-on-read times, which you as an end user would not be able to override at a room or message level.
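The way the two timers and the administrator's global values combine can be worked through in a short model. This is an added example, not Wickr code: the names are hypothetical, and treating the administrator's values as ceilings on what a user may request is an assumption drawn from the question above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional


@dataclass(frozen=True)
class DestructPolicy:
    expiration: timedelta    # counted from the moment content is sent
    burn_on_read: timedelta  # counted from the moment content is marked read


def effective_policy(requested: DestructPolicy, admin: DestructPolicy) -> DestructPolicy:
    """Assumption: administrator values are ceilings a user cannot exceed."""
    return DestructPolicy(min(requested.expiration, admin.expiration),
                          min(requested.burn_on_read, admin.burn_on_read))


def destruct_time(sent_at: datetime, read_at: Optional[datetime],
                  policy: DestructPolicy) -> datetime:
    """When one recipient's copy is destroyed under the rules described above."""
    if read_at is not None and read_at < sent_at:
        raise ValueError("content cannot be read before it is sent")
    expires_at = sent_at + policy.expiration
    if read_at is None:
        return expires_at  # never read: only Expiration applies
    # Burn-on-read can shorten the lifetime but never extend it past Expiration.
    return min(read_at + policy.burn_on_read, expires_at)


def schedule(sent_at: datetime, reads: Dict[str, Optional[datetime]],
             policy: DestructPolicy) -> Dict[str, datetime]:
    """Per-recipient destruct times; each recipient has its own read time."""
    return {who: destruct_time(sent_at, at, policy) for who, at in reads.items()}


# Constructed sample: the user asks for 90 days, the admin ceiling is 30 days.
SENT = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
POLICY = effective_policy(
    DestructPolicy(timedelta(days=90), timedelta(hours=1)),
    DestructPolicy(timedelta(days=30), timedelta(days=1)))
READS = {
    "alice": SENT + timedelta(days=2),                 # burned one hour after reading
    "bob": SENT + timedelta(days=30, minutes=-30),     # read just before Expiration
    "carol": None,                                     # never opened
}

if __name__ == "__main__":
    for who, when in schedule(SENT, READS, POLICY).items():
        print(f"{who}: destroyed at {when.isoformat()}")
```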
What about moderation, settings, and limits for Rooms & Conversations?
When creating a room you're presented with a few options:
- Room name corresponds to the name shown in the "// Rooms" listing within the application.
- Description is what is shown in the header information when joining a room.
- Notifications allow you to choose to have members notified of all messages, or only messages where they have been named (for example, "@Bob").
- You'll also be presented with a list of all members within your Network allowing you to choose who can and cannot access this room. You can invite or promote members to Moderator by clicking their name within the list.
- AWS Wickr is currently limited to 500 members per Room
- AWS Wickr and Wickr Me are limited to 500 members per Conversation
How do I/we make a Wickr call?
- For Rooms or Conversations, simply select the Phone icon in the upper righthand corner
- Rooms allow up to 100 users on a given voice/video encrypted call
- Groups can also have up to 100 users on a call
- By default, voice calling is enabled. If you wish to join with video, simply turn on the camera icon during the call.
Is it possible to share my screen with other participants using Wickr?
Yes, absolutely! Screen share will allow you to collaborate real-time during a voice / video encrypted call with other team members.
How do I delete a Conversation or Message?
- To Delete a Conversation on the desktop Wickr application, select the conversation and you will see an “x” in the Conversation list next to the one you wish to delete. You will be prompted to confirm whether you want to delete it.
- To Delete a Conversation on mobile with iPhone, press and hold the Conversation and select "Delete," on Android select the information icon “i” and Delete Chat and All Data.
- To Delete a Message on Desktop, right-click the target message, select Delete.
- To Delete a Message on iPhone, press and hold the target message. On Android, click the “ … “ to the left of the message and select Delete.
What does it mean to "Leave" a Network?
- You can Leave a current AWS Wickr network “IF” you need to be added to another AWS Wickr network. Should you “Leave” your network, you will need to have the Network Administrator add you to the new Network in order for you to communicate with others.
What are “locked” messages?
- Within your client settings you can turn messaging locks on or off. If turned on, messages are not displayed by default in the client; to display a message, users are required to “tap” or “click” it to view the content. Users who want extra privacy controls will turn this on to always require a “tap” or “click” to view message content.
- For Wickr Pro, the default is to automatically unlock messages
- For Wickr Me, the default is disabled, requiring users to “tap” or “click” to view messages
Does Wickr support two-factor authentication (2FA)?
- Wickr supports two factor authentication (2FA) for Network administrators (web based administrative console) and desktop clients.
- Wickr uses Google Authenticator for 2FA. Before enabling 2FA, users are required to download the Google Authenticator mobile application. This is a free application and does not require any 3rd party account.