11/14/2016

Hands-on tips to protect your sensitive data

Long gone are the days when you could only exchange files with another user by means of a USB stick, an external hard drive or even, for those of us who are over 40, a floppy disk. Today the internet is omnipresent and allows you to send files to someone else without even getting out of your chair.

But as well as being convenient, the internet also poses some real threats. As CIO, I am concerned about this. Actually, data protection should concern us all, because our business partners and customers expect that their data is in good hands.

Various security threats

The most obvious threat is that someone else could get hold of your files and access the entire contents. This is known in security jargon as a breach of confidentiality. But there can also be breaches of two other key security principles: a breach of integrity (the assurance that nobody can tamper with the contents) and a breach of non-repudiation (the assurance that none of the parties can deny having sent or received the file).

In personal use, the confidentiality principle is probably your main concern. You want to be sure that nobody else can read a message or see an image that you’ve sent to someone. In a business context, both integrity and non-repudiation will be important – sometimes even more so than confidentiality. Let us assume that you send a binding proposal to a customer but an intercepting party can change the conditions (e.g. increase or decrease your price). You could lose the deal because your price is too high or you could be obliged to honor a contract at a price that is too low. Or imagine that your proposal simply doesn’t reach the intended recipient…

All of these are scenarios that you probably prefer not to think about. But how can you avoid them? There are various technologies available to help you secure your message and files.

So what should I use in business practice?

Encrypted email messages

The simplest way to exchange files securely via email is to send an encrypted attachment created with 7-Zip or WinRAR. Send the password via another channel, such as an SMS. Unfortunately, email only works for files of 10 to 15 MB max.
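The procedure above can be scripted. The following is an added example, not part of the original post: it assumes the 7-Zip command-line tool (`7z` or `7za`) is on the PATH, and all function names are hypothetical. It generates a random password, creates an AES-256 encrypted .7z archive with encrypted file names, checks the email size limit, and returns a SHA-256 digest that can be sent with the password over the second channel so the recipient can detect a modified attachment.

```python
import hashlib
import secrets
import shutil
import subprocess
from pathlib import Path

MAX_ATTACHMENT_BYTES = 10 * 1024 * 1024  # lower end of the 10 to 15 MB limit mentioned above
ALPHABET = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no look-alike characters


def new_passphrase(length=20):
    """Random passphrase from the OS CSPRNG, easy to read out or type from an SMS."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def build_7z_command(archive, source, passphrase, exe="7z"):
    """7-Zip arguments: .7z container (AES-256), -mhe=on also encrypts the file names."""
    return [exe, "a", "-t7z", "-mhe=on", f"-p{passphrase}", str(archive), str(source)]


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks so large archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def fits_in_email(path, limit=MAX_ATTACHMENT_BYTES):
    """True if the file is small enough to send as an email attachment."""
    return Path(path).stat().st_size <= limit


def package(source, archive):
    """Encrypt `source` into `archive`; returns (passphrase, digest) for the second channel."""
    exe = shutil.which("7z") or shutil.which("7za")
    if exe is None:
        raise RuntimeError("7-Zip command-line tool not found on PATH")
    passphrase = new_passphrase()
    # Caveat: a password passed as an argument is visible to other local processes
    # while 7z runs; on a shared machine, type it at 7-Zip's own prompt instead.
    subprocess.run(build_7z_command(archive, source, passphrase, exe), check=True)
    if not fits_in_email(archive):
        raise ValueError("archive exceeds the email size limit; use a file-sharing tool")
    return passphrase, sha256_of(archive)
```

The recipient recomputes the SHA-256 of the received attachment and compares it with the digest received over the second channel before opening the archive.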

Private cloud or on-premise file sharing tools

If you only need to share big files with someone occasionally, there are safe web-based solutions such as Hightail that enable you to simply upload a file and enter the recipient’s email address. Your recipient will then receive an email with a link that contains a randomly generated string (a password, in effect). Some publicly available tools, such as Dropbox, OneDrive or WeTransfer, offer the same service but are less secure. If requested by a law enforcement agency, these firms might be forced to disclose your files.

If you exchange files with certain people regularly, it may be better to set up a shared space, such as Microsoft SharePoint, to which access is granted by means of a username and password.

To err on the side of caution, you can set up the secure file sharing tools in an on-premise configuration or in a private cloud supplied by a provider falling under a jurisdiction of your choice. This way, you are optimally protected against breaches of confidentiality, integrity and non-repudiation.

Be in control

Not all types of data need encryption. When sharing internal data, such as methodologies or research data, you can save yourself the extra work because the disclosure of the data would only have a limited business impact. This is different, however, for (strictly) confidential data. Being in control by encrypting that data brings, in the end, more efficiency.

Or to put it differently: an ounce of prevention is worth a pound of cure! So, check out some tools such as 7-Zip, WinRAR, Hightail and SharePoint and learn to master them before cybercriminals master your data!

Author: Steven Fleurent. You can follow Steven on Twitter or connect with him on LinkedIn