printer friendly version

Four Steps to protecting your business from the quantum threat

Are you ready for Q-day? Post-quantum cryptography is not just an IT issue, it is a business continuity concern. Quantum computing is fast becoming a reality. The United Nations has declared 2025 as the International Year of Quantum Science and Technology. While this evolution of computing keeps the world at the forefront of innovation, businesses across the globe are being warned to bolster protection protocols to avoid losses through decryption.

According to Forbes magazine, “2025 could mark the arrival of ‘Q-Day’. This is a theoretical point in time when quantum computers become powerful enough to render many methods of encryption redundant – with severe consequences for privacy and security.”

As this sector transforms, there are four essential steps to protecting businesses now, and well into the future.

Carrie Peter.

Step 1: Create an encryption inventory

Think of this as a digital safety audit. As part of the audit, the IT team or provider creates and supplies a comprehensive list of all the places where the business uses encryption. Here, it is essential that organisations review and revise how they store their customer data, their email systems, how financial transactions are processed, the management of cloud services, access to remote work tools, and website security certificates.

Step 2: Secure unencrypted data

For smaller businesses that do not encrypt their data, the duty of protection remains their responsibility. Here organisations can take cost-effective, yet highly practical and impactful steps to securing their datasets.

To protect customer data stored on computers, free tools like VeraCrypt empower users to create encrypted containers for sensitive files, saving them in a digital safe. To secure email communication, services like ProtonMail offer free encrypted email accounts. For password management, tools like Bitwarden (free tier available) store passwords in an encrypted vault and can generate strong, unique passwords. Lastly, to assist in encrypting mobile devices, businesses must use the built-in encryption freely available on Android and iPhone devices - just turn it on in settings.

These are just some examples of how small enterprises can protect their data without a large capital outlay.

Step 3: Identify the business’s crown jewels

Focus on what needs protection in the medium to long term. Pay close attention to customer data that must be protected for years, trade secrets and intellectual property, financial records that need long-term storage, legal documents and contracts, healthcare records, and research and development information.

Which data would harm our business if exposed in five to 10 years? What information are we legally required to protect? Which systems contain our most sensitive customer data? These are key questions to ask.

Step 4: Stay informed about security standards

Quantum computing adoption will follow standards. Now, post-quantum cryptography (PQC) has become imperative. Effective PQC requires assigning an employee to monitor National Institute of Standards and Technology (NIST) updates as a strategic operational objective. Key objectives here would be to subscribe to NIST's post-quantum cryptography mailing list, schedule quarterly reviews with the business’s IT team or provider to consider the quantum progress and the relevant response, and include PQC updates in regular security meetings.

By implementing these actions today, organisations are strengthened to safeguard their future, while potentially gaining a competitive edge in security-focused markets.

Share this article:

Further reading: