By Carrie Peter, Managing Director at Impression Signatures, Advocacy Committee Vice-Chair at the Cloud Signature Consortium
Are you ready for Q-day? Post-quantum cryptography isn’t just an IT issue – it’s a business continuity concern. Quantum computing is fast becoming a reality. The United Nations has declared 2025 as the International Year of Quantum Science and Technology. While this evolution of computing keeps the world at the forefront of innovation, businesses across the globe are being warned to bolster protection protocols to avoid losses through decryption.
According to Forbes magazine “2025 could mark the arrival of ‘Q-Day’. This is a theoretical point in time when quantum computers become powerful enough to render many methods of encryption redundant – with severe consequences for privacy and security.”
As this sector transforms, there are four essential steps to protecting businesses now, and well into the future:
Step 1: Create an Encryption Inventory
Think of this as a digital safety audit. As part of the audit, the IT team or provider creates and supplies a comprehensive list of all the places where the business uses encryption. Here it is essential that organisations review and revise how they store their customer data, their email systems, how financial transactions are processed, the management of cloud services, access to remote work tools, and website security certificates.
Step 2: Secure Unencrypted Data
For smaller business that don’t encrypt their data, the duty of protection remains their responsibility. Here organisations can take cost-effective, yet highly practical and impactful steps to securing their datasets.
To protect customer data stored on computers, free tools like VeraCrypt empower users to create encrypted containers for sensitive files, saving them in a digital safe. To secure email communication, services like ProtonMail offer free encrypted email accounts. For password management tools like Bitwarden (free tier available) store passwords in an encrypted vault and can generate strong unique passwords. Lastly, to assist in encrypting mobile devices it is essential that businesses make use of the built in encryption freely available on both Android and iPhone devices – just turn it on in settings.
These are just some examples of how small enterprises can protect their data without a large capital outlay.
Step 3: Identify the Business’ Crown Jewels
Focus on what needs protection in the medium to long term. Pay close attention to: customer data that must be protected for years; trade secrets and intellectual property; financial records that need long-term storage; legal documents and contracts; healthcare records; and research and development information.
Which data would harm our business if exposed in five to 10 years? What information are we legally required to protect? Which systems contain our most sensitive customer data? These are key questions to ask.
Step 4: Stay Informed About Security Standards
Quantum computing adoption will follow standards. Now post-quantum cryptography (PQC) becomes imperative. As a strategic operational objective, effective PQC requires assigning an employee to monitoring National Institute of Standards and Technology (NIST) updates. Key objectives here would be to subscribe to NIST’s post-quantum cryptography mailing list, schedule quarterly reviews with the business’ IT team or provider to consider the quantum progress and the relevant response, and include PQC updates in regular security meetings.
This Goes Further Than IT
By taking these steps now, organisations are being bolstered with a view to protecting the business’ future (all while potentially gaining a competitive advantage in security-conscious markets too).