FileCipher – The days of writing down confidential information, putting it into envelopes and mailing – or in some cases, personally delivering – it off to someone are long gone. Since the advent of e-mail in the early 1970’s, people have been using the technology to share information without fear of whom or what may be listening. Flash forward to 2013. Cyber-crime is at an all-time high; identity theft runs rampant; the NSA’s PRISM program has been exposed and touted as the largest invasion of privacy by a government on its people; and criminals have evolved to become as sophisticated as the networks they target. Consequently, the frequency of data breaches has elevated and notices that our private information may have been compromised seem to surface daily. Many have been forced to re-evaluate their network security and communication strategies while the cloud-computing industry exploded overnight, promising to ease the strain of data security.
Take a moment to think about this: when conducting business with persons outside of your organization, what is your primary method of communication? How about when they ask you – or you ask them – to send you data; where do you go to get it? Many of you will answer “I open Outlook” or “I check my e-mail.” While this is common practice in most every business environment, the days of trusting standard e-mail services are over. Even e-mail providers advocating privacy and are closing their public-facing doors.
The volume and sensitivity of data being generated by business intelligence (BI) systems is increasing exponentially; all the while the value of it skyrocketing. Whether you’re a firm of mechanical engineers drafting schematics or a financial powerhouse overseeing the monetary longevity of your corporation, you cannot risk your employees mishandling confidential data. The importance of external security – protection for data leaving your internal network – has increased over the last decade, forcing CIOs and CSOs to examine and re-evaluate policies and procedures. One daunting flaw remains, but try as we might, we cannot remove the human element from the transfer process. However, through pragmatic risk analysis and enforcement of strict, standardized protocols, we can minimize it.
Things to Keep in Mind When Transferring Data Outside of Your Network
• Online Backup – with the cost of storage plummeting and SANs becoming less expensive to implement, cloud-based storage providers have flooded the technology landscape. While the premise of having a disaster recovery copy of your data offsite is perfect for safeguarding your business data against catastrophic failure, you must remember that at its core, it is primarily a backup solution. Any additional functionality such as making files available for sharing or creating a shared workspace is secondary to the business plan.
• Governance, Risk Management, and Compliance (GRC) – whether your business is privately held or publicly traded you must uphold a certain level of accountability. That means answering to those who question “how” you share your information. It is critical that you proactively implement policies to ensure a standardized, organization-wide approach to the transfer of sensitive information, both internally and externally. Failing a regulatory agency audit can mean the end of your business’s reputation and subject you to steep financial sanctions.
• Ownership and the Cloud – If you have made the decision to put your organization into the cloud, be it for backup, collaborative workspaces, file transfer or even a full IaaS, I cannot stress enough the importance of reading the Terms of Service. The very rights to the files you create could be at stake.
• Employee Education – No business owner or executive team has the time to micromanage – and they don’t want to. They want employees they can trust with the integrity of their data and know that all of them are trained on at least basic security measures for those times they must exchange information with the outside world. Allocate the training resources necessary to ensure your workforce avoids common security pitfalls such as: poor passwords and security questions; sending unsecured attachments; storing credentials such as account information, PIN codes, or other sensitive company documents on USB drives, CDs/DVDs, or even their local workstation.
While no solution is perfect and human error is inevitable (to a point), you can take steps that will make your business and its data a much tougher target for cyber criminals. The research can be confusing and the options can be many with seemingly no significant differences between them, but it is essential to develop a strategy where the security of your private information is the first, last, and only priority.
About the Author:
Filecipher, LLC provides a SaaS-based platform that businesses and individuals can use to safely and securely exchange privileged information. By automating many of the steps necessary to properly protect data for transfer over the Internet, the company offers a unique approach to information exchange.