Posts Tagged data privacy law

Managed File Transfer Solution Now on Video

Posted by on Wednesday, 17 August, 2011

We’re always looking for new ways to illustrate the power and versatility of our GoAnywhere suite of secure file transfer and encryption solutions.  Very simply, GoAnywhere helps you streamline, encrypt and automate your file transfer processes to save time and money while meeting ever-growing compliance requirements.

Still, we find it’s sometimes challenging to quickly explain the power and convenience of our managed file transfer software, so we’re excited to introduce some brand new videos to showcase the flexibility and control GoAnywhere clients have.

GoAnywhere secure file transfer software solution

GoAnywhere’s suite of secure file transfer solutions helps you manage all of your organization’s inbound and outbound file transfers — both internally as well as with external trading partners.

With support for virtually any platform and protocol, including FTP, FTPS, SFTP, HTTP/S, AS2, SMTP and ZIP, GoAnywhere puts local control of the entire process into one intuitive dashboard.  GoAnywhere eliminates the need for custom scripts, generates detailed audit logs, and provides a rich catalog of features for comprehensive management, all without additional hardware or specialized skills.

If you’d like to test drive a free trial, let us know.  We’d also love to hear what you think of our videos!

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

Citigroup Breach Triggers Congressional Response

Posted by on Monday, 11 July, 2011

The data breach at Citigroup in May – a breach which reportedly exposed an estimated 200,000 customer accounts – has motivated members of the U.S. Congress to re-introduce legislation to penalize the very organizations that have been victimized by hackers.  What are the next steps your company should take?

New bills to protect consumers’ personal dataLinoma Software Managed File Transfer Solutions

Two bills are proposed by both House and Senate legislators.

First, Sen. Patrick Leahy (D-Vt.) has introduced the Personal Data Privacy and Security Act of 2011.  The new bill provides:

  • Tough criminal penalties for individuals who intentionally or willfully conceal a security breach involving personal data;
  • A requirement that companies that maintain personal data establish and implement internal policies to protect data privacy and security; and
  • A requirement that the government ensure sensitive data is protected when the government hires  third-party contractors.

This act would also require, under threat of fine or imprisonment, that businesses and agencies notify affected individuals of a security breach by mail, telephone or email  “without unreasonable delay.” Media notices would be required for breaches involving 5,000 or more people.  The FBI and the Secret Service would need to be notified if the breach affects 10,000 or more people, compromises databases containing the information of one million or more people, or impacts federal databases or law enforcement.

But that’s not the only security bill that has businesses concerned.

In the House, Rep. Mary Bono Mack (R-Ca) is holding hearings in preparation of a bill she’s named The SAFE (Secure and Fortify) Data Act that would also require “reasonable security policies and procedures” to protect consumers and enable disclosures to victims and the Federal Trade Commission within 48 hours of a data breach.

Companies no longer viewed as the victims

All this sounds good from the consumer’s point of view. But what about the expense – and potential Linoma Software GoAnywhere Managed File Transfer Solutionpenalties – suffered by the “owners” of the data: the businesses themselves?

While these bills may address the public’s interest for notification — and indeed they would bring some semblance of a national standard – they also represent an interesting shift in the liabilities that companies will face.  How is that?

Though we currently have no federal data breach notification law, federal policies now view the companies that experience a data breach as the victims of crime. However, under the proposed legislative bills, companies that do not act quickly to appropriately secure the personal data of customers – or fail to report a data breach in a reasonable amount of time – would not only suffer the theft of data, but also be held liable for its loss.

This is a significant shift. Companies are now being viewed not as the owners of consumer data, but merely guardians and trustees whose job it is to protect that data or face criminal penalties. And the message is clear: if companies won’t take adequate precautions to secure the sensitive data of our customers, they’ll pay a hefty price.

Where does your company stand?

In a world in which diligent hackers have the power break into seemingly secure networks and systems, what can your company do?

The challenge is first to determine exactly what qualifies as adequate precautions.

GoAnywhere Secure Managed File Transfer A review of the HIPAA HITECH security provisions that took effect last year provides some insight about what the government considers adequate protection.

HITECH strongly recommends the use of encryption technology. Encryption is a good place for your company to start, especially when dealing with the data your company stores on its servers.  If sensitive data itself is kept securely encrypted, a data breach doesn’t expose the content of the information itself.

Secure managed file transfer protocols – which send data using encryption – is the second place to focus attention.

If data is encrypted when it is being securely transmitted between business partners, the value of that data should it be breached – through hacking, theft, or other malicious actions – is worthless.  Encryption and secure managed file transfers can dramatically minimize the holes of technical breaches, significantly reducing an organization’s liability.

Preventing exposure

The Citigroup data breach has rekindled the momentum for a nationwide, cross-industry data breach reporting standard. This standard will not to eliminate the physical breaches themselves. What’s needed is legislation to encourage companies secure the underlying data that is the target of the hackers.

Isn’t it time for your company to take a serious look at its liabilities and to investigate how encryption and managed file transfers can close these important security holes?

Thomas Stockwell

Thomas M. Stockwell is one of Linoma Software's subject matter experts and a top blogger in the industry. He is Principle Analyst at IT Incendiary, with more than 20 years of experience in IT as a Systems Analyst, Engineer, and IS Director.

More Posts - Website

Massachusetts Has Set the Bar for Securing Personal Data; Is Your Company Compliant?

Posted by on Friday, 16 April, 2010

Personal data privacy is one of the greatest concerns individuals have when doing business over the web and in person.  It seems it is commonplace for a company to notify their customers that their personal and/or account information has been compromised by a hacker or a disgruntled employee (e.g. TJ Maxx, Wells Fargo, Bank of America).  While you’d think businesses would do everything they can to protect their customers’ personal information, they will weigh the risks and likelihood of a data breach happening versus the cost and time to implement such security measures.  Knowing this, the payment card industry (PCI), government agencies and many states have put together a list of requirements that businesses must follow in order to do business with them or in their state.  The problem is they often don’t enforce these regulations and fines are only imposed after a data breach happens.

I just returned from Framingham, Massachusetts where we exhibited at the Northeast User Group conference.  Massachusetts has a very strict data privacy law.  Not only do businesses in Massachusetts need to protect their customers’ personal information but so do businesses who have in their database the personal identifiable information of people from Massachusetts.  One of the requirements says organizations must:

“Encrypt all transmitted records and files containing personal information that will travel across public networks.”

Several of our customers mentioned our products have helped them meet the Massachusetts’ data privacy requirements.  They have implemented field encryption using Crypto Complete and are using our GoAnywhere Director to encrypt file transfers.  They have minimized the risk of a data breach happening at their company by using both solutions.  Unfortunately, I also had many other individuals stop by Linoma’s Booth who said their management does not want to allocate any resources (time or money) towards securing personal and confidential data.  They know they should do it and are required to do so, but it’s just not high on their priority list right now.  I’m afraid this mindset may be more popular than we think, which is concerning.

Is the company you work for securing personal data?  Is your company looking for a solution to secure data?  Find out today how we can help your company avoid sending the inevitable letter that your confidential information has been breached. Not only can we help you avoid facing public humiliation, our products can help save you time and money by streamlining the secure data transfer process.

If you are interested in seeing how Linoma’s solutions can encrypt your data at rest and when it’s transferred, don’t hesitate to contact us at 800-949-4696.

Brian Pick

Sales Manager

Bob Luebbe

Bob Luebbe has worked in the IT field since 1985. During his career, he has worked in a wide variety of roles including software development, project management, consulting and architecting large-scale applications. Bob has been with Linoma Software since 1994 and is currently serving its Chief Architect. His main focus for the last several years has been developing technologies to help organizations to automate and secure their file transfers, as well as to protect data at rest through encryption and key management.

More Posts - Website