Archive for category Data Security

SFTP vs FTPS – Best Solution for Secure FTP (Infographic)

Posted by on Thursday, 14 August, 2014

With large data breaches recently taking center stage in the media, many businesses have begun paying close attention to internal practices and taking action to improve internal systems and processes. As a result, an increasing number of businesses (people) who rely on data transfers are looking to move away from standard FTP in favor of a more secure method.

We are often asked about the key differences between SFTP and FTPS. There are potential pros and cons with each method, which is why businesses should weigh the differences carefully to determine what option would serve them best.

Over the years, we have tried explaining SFTP vs FTPS in a variety of ways. Between lists and charts and drawings, we found that most people were easily able to comprehend unique aspects of each transfer protocol when it was presented visually.

We created the following infographic to highlight the positives and negatives of using SFTP vs FTPS. You can also view the original blog post for a more detailed comparison.

sftp vs ftps infographic

 

Share this Image On Your Site

IT Security Threat Reaches Executive Level

Posted by on Friday, 18 April, 2014

The success of a company now relies on its ability to secure critical data.  When escalated to this level of importance, it’s time for the CEO and board to become directly engaged in the process.

The traditional role of IT has changed significantly in recent years.  IT professionals, previously tasked with configuring office computers and network servers, are now entrusted with securing trade secrets and highly sensitive customer records.  Add to this a surge of cloud-based applications and storage that make an organization’s data vulnerable and the IT department suddenly has a very full plate.

Organizations are being targeted primarily for the purpose of financial gain.  Customer records often include sensitive data that can be easily monetized, providing ample motivation for both hackers and internal threats.  As companies increase their digital assets — through the harvesting of more customer personal, financial and transaction information – they become a higher profile target for thieves.

Failure to Recognize a Breach

single sign-on breachFirewallThe challenge often seems to be detecting and resolving intrusions.  Sometimes the first notification of a breach comes from federal investigators who’ve discovered the organization’s data on the open market.  Even when signs of suspicious activity present themselves, too frequently the threat is not given proper escalation.

Of greatest concern is the timely reporting of incidents through the levels of company leadership, regulatory authorities and, ultimately, the effected parties. The IT department might feel compelled to research and resolve the breach before notifying senior management.  This can turn a potentially damaging situation into a public relations nightmare.

Common Language is Key

The solution begins with establishing a communication channel and common language between business and IT leaders.  Together they must understand and agree upon the level of risk the organization is willing to tolerate.

These marching orders allow the IT department to make a plan that meets these strategic needs.  Once completed, the gaps, priorities, and strategy needs to be communicated back to the CEO and board in a language that top leadership can understand.

Lastly, don’t deny the limitations of your IT department.  The complexities and rapidly changing nature of security breaches may require the assistance of outside expertise to keep systems and procedures current.

This post is based on a TechRepublic article by Michael Kassner titled, “C-level execs need to rethink IT security”.

 

File sharing needs to be easier for employees
and more secure for IT administrators

Posted by on Thursday, 23 January, 2014

It’s the age-old file sharing dilemma: how do you make technology easy for end users without compromising the security protocols your company requires?

Workflows are moving at ever increasing speeds, and we’re all trying to get more done in less time.  Employees are often juggling multiple projects at once and view having to follow complicated security protocols as an annoying speed bump.  They don’t mean to be non-compliant.  They’re just in a hurry and under pressure, so any shortcut they can find is tempting.

File sharing shortcuts may be easy, but are they secure?

When it comes to file sharing, especially sending sensitive files to vendors, customers, trading partners, or even other internal teams, those outside of the IT department will look for the path of least resistance.  How can I get this file to that person easily and quickly?

The answer tends to be one of two choices.  Employees will either attach the file to an email, or if it’s too large, they’ll try one of those free cloud-based applications like Dropbox, Box.net, or Google Drive.  As far as they’re concerned, as long as the file gets to where it’s going, that’s what really matters. Most people in the office don’t realize that email attachments aren’t secure, and that the cloud tools may not meet the security compliance regulations that affect their organization.

GoAnywhere File Sharing WebinarUpcoming webinar provides a convenient and secure solution

Therefore, the challenge is finding a way to make it as easy for employees to share files securely as it is for them to use one of those shortcuts.  Fortunately, GoAnywhere has developed that alternative.

We’re presenting a live webinar on Thursday, January 30, to show you just how easy secure file sharing can be.

Find out how GoAnywhere Services, the secure FTP server product within the GoAnywhere Managed File Transfer Suite, gives your employees a convenient way to share files as easily as with any other shortcut they’ve found.  The advantage is that those files are sent through a unique, encrypted HTTPS link that the recipient clicks to download the file.  In addition, the file transfer is tracked so that detailed audit reporting can be maintained in compliance with organizational and industry data security regulations.

Finding the right balance between convenience and security is the key to maintaining a great relationship between employees and the IT team.

 

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

How To Build a Data Breach Response Plan:
5 Great Resources

Posted by on Thursday, 14 November, 2013

What is a data breach?

The definition seems obvious for any organization.  A data breach occurs when data that was supposed to be protected from unauthorized access is exposed.

What may not be as clear cut is all of the ways that sensitive data can be compromised.  These include malicious attacks, accidental mistakes, and employee incompetence.  Confidential information can fall into the wrong hands during electronic file transfers, accessing lost or stolen devices, or as a result of hackers’ infiltration into a company’s servers.  Even sending an unsecure email could qualify as a data breach, depending on the information it contained.

five resources for developing a data breach response planWhat is your data breach response plan?

As complex as the causes of data breaches can be, the steps for responding are fairly straightforward, though time-consuming, stressful, and expensive.  Dealing with the breach will be monumentally more challenging if you don’t already have a data breach response plan in place.

Generally agreed upon steps include

  • thorough, extensive documentation of events leading up to and immediately following the discovery of the breach
  • clear and immediate communication with everyone in the company about what happened, and how they should respond to any external inquiries
  • immediate notification and activation of the designated response team, especially legal counsel, to determine whether law enforcement and/or other regulatory agencies need to be involved
  • identification of the cause of the breach and implementation of whatever steps are necessary to fix the problem
  • development of messaging and deployment schedule for notifying those whose data was compromised, based on counsel from lawyers who will review state laws, compliance regulations, and other mandates affecting what the messaging must say and how soon notification must occur, as well as what compensation to affected victims should be provided

5 Important Resources

If your company does not yet have a data breach plan in place, or if you’ve been thinking it might be time to update your current policy, here are five great resources that you’ll want to review.

Data Breach Response Guide (Experian Data Breach Resolution Team)

Here is a comprehensive 30-page PDF that includes how to handle each step of the response process, as well as information about specific kinds of breaches such as healthcare breaches.  It even includes an audit tool for you to use to check your current plan to make sure it’s as updated as it needs to be.

Security Breach Response Plan Toolkit (International Association of Privacy Professionals (IAPP))

Use this questionnaire to guide the development of your incident response plan.  Involve your executive and IT team so everyone can better understand all facets of the process.

BBB Data Security Guide (Better Business Bureau)

Specifically designed for small businesses, the BBB provides a series of articles and resources to help companies understand the issues surrounding data security, as well as how to build a response plan.

Model Data Security Breach Preparedness Guide (American Bar Association)

For those with limited access to legal counsel, this PDF provides an overview from the legal perspective of how to prepare for a data breach.  It obviously isn’t a substitute for seeking advice from a lawyer who knows or can learn the details of your specific situation as well as the laws that apply in your state and industry.  However, it does provide some good general information that could help you launch a discussion with your legal team.

Data Breach Charts (Baker Hostetler law firm)

If your company does business in more than one state, this is a great starting point to review how different states’ data breach laws compare.  Again, it doesn’t take the place of your legal team, but it’s a helpful overview.

What other resources do you know about that should be included in this list?  Let us know in the comments!

 

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

Why Bother Upgrading Beyond Standard FTP?

Posted by on Thursday, 26 September, 2013

Right out of the box, most operating systems come with a built-in File Transfer Protocol (FTP) tool that makes it possible to transfer large files between people, computers and servers.  It accomplishes the key goal, which is to deliver the file from one place to another.  However, too many organizations’ philosophy has been that as long as the files were getting where they needed to go, standard FTP was good enough. That was especially true when they were transferring files internally.

The truth is that FTP alone has never been good enough, because too much information (file data, user names, passwords, etc.) is vulnerable to hackers and it only takes fairly rudimentary hacking skills to steal it.  Now with increased pressure to protect sensitive data coming from regulators and consumers, it’s urgent that companies implement a more secure file transfer method.

Take a look at this short video to hear Bob Luebbe, Linoma Software’s Chief Architect, talk about the dangers of standard FTP.

 

At the end of this video, Bob mentions the value of clustering and load balancing to promote high active-active availability. Since this video was produced, we’ve also added these features to both GoAnywhere Services and GoAnywhere Director.

In fact, Bob just delivered a free webinar on the latest updates to GoAnywhere, and you can view a recorded version here.

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus