Archive for category Data Security

File sharing needs to be easier for employees
and more secure for IT administrators

Posted by on Thursday, 23 January, 2014

It’s the age-old file sharing dilemma: how do you make technology easy for end users without compromising the security protocols your company requires?

Workflows are moving at ever increasing speeds, and we’re all trying to get more done in less time.  Employees are often juggling multiple projects at once and view having to follow complicated security protocols as an annoying speed bump.  They don’t mean to be non-compliant.  They’re just in a hurry and under pressure, so any shortcut they can find is tempting.

File sharing shortcuts may be easy, but are they secure?

When it comes to file sharing, especially sending sensitive files to vendors, customers, trading partners, or even other internal teams, those outside of the IT department will look for the path of least resistance.  How can I get this file to that person easily and quickly?

The answer tends to be one of two choices.  Employees will either attach the file to an email, or if it’s too large, they’ll try one of those free cloud-based applications like Dropbox, Box.net, or Google Drive.  As far as they’re concerned, as long as the file gets to where it’s going, that’s what really matters. Most people in the office don’t realize that email attachments aren’t secure, and that the cloud tools may not meet the security compliance regulations that affect their organization.

GoAnywhere File Sharing WebinarUpcoming webinar provides a convenient and secure solution

Therefore, the challenge is finding a way to make it as easy for employees to share files securely as it is for them to use one of those shortcuts.  Fortunately, GoAnywhere has developed that alternative.

We’re presenting a live webinar on Thursday, January 30, to show you just how easy secure file sharing can be.

Find out how GoAnywhere Services, the secure FTP server product within the GoAnywhere Managed File Transfer Suite, gives your employees a convenient way to share files as easily as with any other shortcut they’ve found.  The advantage is that those files are sent through a unique, encrypted HTTPS link that the recipient clicks to download the file.  In addition, the file transfer is tracked so that detailed audit reporting can be maintained in compliance with organizational and industry data security regulations.

Finding the right balance between convenience and security is the key to maintaining a great relationship between employees and the IT team.

 

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

How To Build a Data Breach Response Plan:
5 Great Resources

Posted by on Thursday, 14 November, 2013

What is a data breach?

The definition seems obvious for any organization.  A data breach occurs when data that was supposed to be protected from unauthorized access is exposed.

What may not be as clear cut is all of the ways that sensitive data can be compromised.  These include malicious attacks, accidental mistakes, and employee incompetence.  Confidential information can fall into the wrong hands during electronic file transfers, accessing lost or stolen devices, or as a result of hackers’ infiltration into a company’s servers.  Even sending an unsecure email could qualify as a data breach, depending on the information it contained.

five resources for developing a data breach response planWhat is your data breach response plan?

As complex as the causes of data breaches can be, the steps for responding are fairly straightforward, though time-consuming, stressful, and expensive.  Dealing with the breach will be monumentally more challenging if you don’t already have a data breach response plan in place.

Generally agreed upon steps include

  • thorough, extensive documentation of events leading up to and immediately following the discovery of the breach
  • clear and immediate communication with everyone in the company about what happened, and how they should respond to any external inquiries
  • immediate notification and activation of the designated response team, especially legal counsel, to determine whether law enforcement and/or other regulatory agencies need to be involved
  • identification of the cause of the breach and implementation of whatever steps are necessary to fix the problem
  • development of messaging and deployment schedule for notifying those whose data was compromised, based on counsel from lawyers who will review state laws, compliance regulations, and other mandates affecting what the messaging must say and how soon notification must occur, as well as what compensation to affected victims should be provided

5 Important Resources

If your company does not yet have a data breach plan in place, or if you’ve been thinking it might be time to update your current policy, here are five great resources that you’ll want to review.

Data Breach Response Guide (Experian Data Breach Resolution Team)

Here is a comprehensive 30-page PDF that includes how to handle each step of the response process, as well as information about specific kinds of breaches such as healthcare breaches.  It even includes an audit tool for you to use to check your current plan to make sure it’s as updated as it needs to be.

Security Breach Response Plan Toolkit (International Association of Privacy Professionals (IAPP))

Use this questionnaire to guide the development of your incident response plan.  Involve your executive and IT team so everyone can better understand all facets of the process.

BBB Data Security Guide (Better Business Bureau)

Specifically designed for small businesses, the BBB provides a series of articles and resources to help companies understand the issues surrounding data security, as well as how to build a response plan.

Model Data Security Breach Preparedness Guide (American Bar Association)

For those with limited access to legal counsel, this PDF provides an overview from the legal perspective of how to prepare for a data breach.  It obviously isn’t a substitute for seeking advice from a lawyer who knows or can learn the details of your specific situation as well as the laws that apply in your state and industry.  However, it does provide some good general information that could help you launch a discussion with your legal team.

Data Breach Charts (Baker Hostetler law firm)

If your company does business in more than one state, this is a great starting point to review how different states’ data breach laws compare.  Again, it doesn’t take the place of your legal team, but it’s a helpful overview.

What other resources do you know about that should be included in this list?  Let us know in the comments!

 

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

Why Bother Upgrading Beyond Standard FTP?

Posted by on Thursday, 26 September, 2013

Right out of the box, most operating systems come with a built-in File Transfer Protocol (FTP) tool that makes it possible to transfer large files between people, computers and servers.  It accomplishes the key goal, which is to deliver the file from one place to another.  However, too many organizations’ philosophy has been that as long as the files were getting where they needed to go, standard FTP was good enough. That was especially true when they were transferring files internally.

The truth is that FTP alone has never been good enough, because too much information (file data, user names, passwords, etc.) is vulnerable to hackers and it only takes fairly rudimentary hacking skills to steal it.  Now with increased pressure to protect sensitive data coming from regulators and consumers, it’s urgent that companies implement a more secure file transfer method.

Take a look at this short video to hear Bob Luebbe, Linoma Software’s Chief Architect, talk about the dangers of standard FTP.

 

At the end of this video, Bob mentions the value of clustering and load balancing to promote high active-active availability. Since this video was produced, we’ve also added these features to both GoAnywhere Services and GoAnywhere Director.

In fact, Bob just delivered a free webinar on the latest updates to GoAnywhere, and you can view a recorded version here.

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

Video: How to Encrypt Files with OpenPGP Studio

Posted by on Wednesday, 7 August, 2013

Have you ever been asked to email a file that includes personal information like your prescription records, or your banking account information, or even your social security number?  Many people share that kind of information over the internet and simply hope that it doesn’t get hacked.

Download OpenPGP StudioLinoma Software, developer of the enterprise solution GoAnywhere™ Managed File Transfer Suite, has made it much easier to keep this kind of confidential data protected with its recently released desktop encryption tool called GoAnywhere OpenPGP Studio™.

This free PC tool is designed for people who occasionally need to share or store sensitive data.  OpenPGP Studio lets users encrypt, decrypt, sign and verify files from their PCs or workstations.  An integrated key manager allows anyone to quickly create, import, export and manage OpenPGP keys needed to encrypt and decrypt files. Best of all, it’s intuitive so even those who claim to be “non-technical” can confidently use OpenPGP Studio.

Here’s a video, also available on YouTube, that shows just how easy OpenPGP Studio is to use.

 

You can download OpenPGP Studio from the GoAnywhere website, and then let us know what you think!  If you need a more robust solution that includes automation, check out the GoAnywhere suite of products.

 

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

Hold the Phone! Your Cloud-Storage Files May Be Vulnerable

Posted by on Friday, 22 March, 2013

The cloud storage services market has seen tremendous growth in just the last two years. Reports indicate a growth from 300 million cloud storage subscriptions in 2011 to over 500 million in 2012. The popularity and convenience of mobile devices have fueled this growth, with cloud services presenting a way for companies and their employees to share files anytime and from anywhere.

dangers of mobile file transfers in the cloudThe ability to access virtually any type of document from your smartphone has been both a great tool, and a potentially serious risk.   Sharing files in the cloud allows your traveling sales representatives to access their latest sales report from their tablet, and lets the exec review accounting figures from their phones. Once the files are viewed, the users can delete them and assume everything is safe.

While cloud storage services may be convenient, they also present many security vulnerabilities. One of those vulnerabilities is that unauthorized users may be able to gain access to your files stored in the cloud through your mobile phones.

A recent article published in InfoWorld details the findings of a new report that focused on the security risks of using cloud storage services like Dropbox, Box and SugarSync. It described how researchers were able to recover a variety of different files from multiple mobile devices including iPhones and Android devices, even after they had been deleted from the cloud.  In addition, data about the cloud service user was also accessible via the phones.

Given how many mobile devices are lost and stolen every day, if you or your employees use a cloud storage solution to transfer sensitive data, it’s possible that someone with the right expertise could access those files using your mobile device.

Two important precautions companies can take to minimize risk are to train employees to follow established security policies, and give them easy access to a secure and convenient way to share and store files.

Secure managed file transfer solutions are an excellent alternative to the cloud storage services, providing the ability to transfer files – both batch and ad-hoc — without risk of unauthorized access. It puts the control for data security back into the hands of the IT team without compromising the workflow for employees.

Managed file transfer solutions offer many features not typically included in cloud based storage solutions like encrypted file transfer protocols, error reporting, audit trails, and support for SFTP, FTPS, and HTTPS – all important to maintain the utmost level of security.

 

 

Jennifer Phillips

Jennifer Phillips is a technology blogger and social media expert. With a focus on the data security and the IBM i market, she has over 10 years of experience writing for publications on technology solutions.

More Posts - Website - Twitter - LinkedIn