Posts Tagged secure data transfer

Hacking and File Transfers: What You Need to Know

Posted by on Tuesday, 4 December, 2012

In the battle to secure information, it helps to know a little bit about how it can be compromised. Using FTP is one way to expose critical vulnerabilities that can allow credentials to be hacked.  However, these holes in security can also be easily closed if you know how.

How Hackers Discover Vulnerabilities

Here’s how hackers could access sensitive data sent via FTP.  With the use of a “sniffing” tool, an attacker could intercept and log any data traveling across the network. This log can then be analyzed to look at the content that was sent across specific TCP ports like FTP (port 21), as well as the user ID and passwords used to log in to the FTP servers that may have been sent as clear text.

managed file transfer, secure file transferStart with Networks, Routers, and Firewalls

To prevent this kind of hacking, the wired network can be secured by first making sure network ports are not available for public access, and then by separating network segments for sensitive servers and workstations.

However, many companies also have wireless networks where hackers just need reasonable proximity to the Wi-Fi signal, such as in an adjacent office or parking lot.  Therefore, it is critical to secure wireless routers with WPA or WPA2 encryption options, rather than WEP encryption, which is no longer considered effective protection against hackers.

Once networks are secured, the next most effective tactic against hackers is to block all FTP traffic at the firewall. Then, for permitted file transfers, allow only secure encryption protocols such as SFTP, FTPS, HTTPS, PGP, or GPG for file exchanges in and out of the network. These security restrictions will deter most hackers.

Security Measures Can Be Challenging

Implementing these security measures is important, but it doesn’t come without some challenges.  The IT staff will have to handle more complicated secure file transfer management processes, and users may be inconvenienced as files are transferred to people and organizations that need them.  As a result, users may look for a workaround for sending and receiving files to avoid being slowed down by the IT staff.  Popular alternatives users may try include email attachments or browser-based cloud services such as Dropbox that present a new vector of vulnerability as these options may not meet necessary security standards.

MFT Minimizes Hassle, Solves Security Vulnerabilities

There is a solution, however, that can provide not only the highest security for file transfers, but also create fewer hassles for both the IT department and the general employee.

Managed File Transfer (MFT) solutions increase data file security implementations and simplify the entire file management process by providing the tools for easily creating and managing all of the unique encryption keys for the company’s various trading partners.  Access controls can be set up for authorizing each employee’s file exchange requirements. MFT also provides a detailed log of all transactions so that any required audits may be easily fulfilled.

Some MFT vendors also provide intuitive and convenient email encryption solutions that can integrate with existing corporate email clients such as Outlook. This reduces the temptation for employees to use workaround tools that may bypass the security restrictions that have been put in place to prevent hacking of sensitive data.

Keeping data secure is an ongoing mandate that will only become more critical as industries move toward paperless environments.  Adopting a managed file transfer solution is one of the best ways to strengthen your file transfer processes and security as the pressure and liability risks continue to grow.

photo credit: kryptyk via photopin cc
 
 

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a technical analyst and writer for various technical and social media projects with Humanized Communications.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus - YouTube

Is Your Company Letting Data Slipping Through the Cracks?

Posted by on Monday, 16 April, 2012

Many Americans have spent the last few days frantically searching for receipts and other documentation to finish their taxes before Tuesday, April 17.  No doubt some of those people thought they knew exactly where to find what they needed, and were dismayed to discover that their confidence — as well as their data — had been misplaced.data breach, managed file transfer

How about your confidence regarding your organization’s sensitive data? As managers, are you aware of all of the transactions going in and out of the company network? Who is sending and pulling files, and why? What’s the best way to manage all of these data exchanges? Isn’t there a more user-friendly solution than prohibiting all FTP communications except from specified computers or user profiles?

Efficient workflow requires efficient data flow

No doubt data security is critical.  So is the ability to exchange information to accomplish daily business goals.  Almost every department needs to exchange files with trading partners, customers, vendors, remote employees, and more.

Here are just a few examples of data your company may be exchanging every day:

Finance/Accounting/HR

  • Tax documents
  • Annual, quarterly monthly reports to shareholders, investors, banks, financial partners
  • Personnel reporting

Marketing/Sales

  • Art files to/from artists, printers, marketing partners
  • Video and other content for web, publishers, printers
  • PDF brochures, proposals, whitepapers to prospects, partners, customers

Information Technologies

  • Data files to/from system integration partners
  • Database exchanges with business networks
  • System updates
  • EDI file transaction exchanges
  • Update to HA and offsite systems

Customer Service

  • Customer update documents
  • Client reporting documents
  • Receipt of supporting documents

Production/Warehousing

  • Supplier data exchange
  • Customer data exchange
  • Inventory reporting

Research & Development

  • Product specifications to/from manufacturing partners
  • Large CAD/engineering data to/from development partners

How do you control the data flow?

Educate your employees

Each organization has developed rules and codes of conduct to maintain productivity, positive morale, and customer confidence.  Ideally, these policies are documented and part of employee training. It’s imperative that the rules governing data management are also included in the documented policies, and all employees regardless of their roles need to demonstrate their understanding of the data management policies. Clear directives regarding management’s expectations is the first line of defense against data breach.

Implement the appropriate technology solution

The right technology tools can also be a valuable part of the data control approach.  Most data exchanges can be performed through secure email, FTP and network communications. A combined implementation of firewall and managed FTP solutions will help secure and distribute the resource requirements as appropriate for every department’s needs.

Firewalls not only protect the company network from outside intruders, but can also help manage internal traffic.  A managed file transfer (MFT) system allows specific types of transfers based on users’ permissions or specified events so the inbound/outbound flow of data can be better managed and monitored. With an MFT system, audit logs are automatically kept of each data exchange, and files and emails can be encrypted and secured to ease worries that they might be sent to the wrong people.

The bottom line

Given the multitude of data files that need to be moved in and out of your organization, and the need to create efficient workflows that allow employees to do their jobs while maintaining strict vigilance about data security, few facets of your business are more important than controlling your data flow.  Getting information in the right hands and keeping sensitive data shielded from non-authorized access is an ongoing challenge, but education and the right tools are the keys to success.

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a technical analyst and writer for various technical and social media projects with Humanized Communications.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus - YouTube

Silence the Nagging By Securing Your Data

Posted by on Monday, 6 February, 2012

Compliance issues and the ever-growing list of compliance regulation acronyms (HIPAA, PCI, SOX, etc.) are persistently nagging IT folks who must meet tough mandates and overly complicated rules.

compliance, HIPAA, PCI DSS, data securityOf course, the real reason we must now pay so much attention to compliance is others’ irresponsible abuse. Somewhere along the data strewn path, a few malicious malcontents had to succumb to the voice of greed and abuse their technological skill sets.  All IT professionals’ jobs are tougher thanks to those that through hacking, sniffing, or lifting data sources chose to steal and sell inadequately secured information.

The truth is, though, that “data” really is sensitive information and we live in a paranoid modern world where dastardly damage is done with a just a little twist of the facts.  So in response to the cries of outrage among our citizens, politicians have wrung their bureaucratic hands and offered plenty of passing legislation designed to protect our data.

Because IT is responsible for the company’s data, we need to stay abreast of the laws that apply to it. We also need to to fully understand and implement the three types of data protection: physical, transitional, and procedural.

Physical

Physical protection is probably the easiest. We secure the data on our servers, backup tapes and offsite facilities with technologies such as passwords, drive encryption, backup encryption, data center surveillance, physical locks, etc. We spare no expense in securing the physical because we can see it and believe it is secured. Or so we think.

Transitional

Transitional protection is a little more difficult.  Any data files that leave our networks should be secured with managed FTP solutions that encrypt the files with SFTP, FTPS, HTTPS, PGP, and other protocols.  Firewalls are set up to control what can leave or enter our data domain. DMZ gateways are set up to increase the virtual protection of the data and still allow designated users access to it.

Procedural

Procedural security is a type of data protection that is least understood and implemented.  A clear and understandable security policy needs to be communicated to the end users so they become familiar with sensitive data is secured, and what consequences may loom if procedures aren’t followed.

The majority of us in IT are protective about who has access to our own sensitive data, so we can understand the reason for protecting everyone else, too.  Yes, it’s a lot of work, but it’s part of the new normal.

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a technical analyst and writer for various technical and social media projects with Humanized Communications.

More Posts - Website - Twitter - Facebook - LinkedIn - Google Plus - YouTube

Managed File Transfer Solution Now on Video

Posted by on Wednesday, 17 August, 2011

We’re always looking for new ways to illustrate the power and versatility of our GoAnywhere suite of secure file transfer and encryption solutions.  Very simply, GoAnywhere helps you streamline, encrypt and automate your file transfer processes to save time and money while meeting ever-growing compliance requirements.

Still, we find it’s sometimes challenging to quickly explain the power and convenience of our managed file transfer software, so we’re excited to introduce some brand new videos to showcase the flexibility and control GoAnywhere clients have.

GoAnywhere secure file transfer software solution

GoAnywhere’s suite of secure file transfer solutions helps you manage all of your organization’s inbound and outbound file transfers — both internally as well as with external trading partners.

With support for virtually any platform and protocol, including FTP, FTPS, SFTP, HTTP/S, AS2, SMTP and ZIP, GoAnywhere puts local control of the entire process into one intuitive dashboard.  GoAnywhere eliminates the need for custom scripts, generates detailed audit logs, and provides a rich catalog of features for comprehensive management, all without additional hardware or specialized skills.

If you’d like to test drive a free trial, let us know.  We’d also love to hear what you think of our videos!

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing.

More Posts - Website - Twitter - Facebook - LinkedIn - Pinterest - Google Plus

Massachusetts Has Set the Bar for Securing Personal Data; Is Your Company Compliant?

Posted by on Friday, 16 April, 2010

Personal data privacy is one of the greatest concerns individuals have when doing business over the web and in person.  It seems it is commonplace for a company to notify their customers that their personal and/or account information has been compromised by a hacker or a disgruntled employee (e.g. TJ Maxx, Wells Fargo, Bank of America).  While you’d think businesses would do everything they can to protect their customers’ personal information, they will weigh the risks and likelihood of a data breach happening versus the cost and time to implement such security measures.  Knowing this, the payment card industry (PCI), government agencies and many states have put together a list of requirements that businesses must follow in order to do business with them or in their state.  The problem is they often don’t enforce these regulations and fines are only imposed after a data breach happens.

I just returned from Framingham, Massachusetts where we exhibited at the Northeast User Group conference.  Massachusetts has a very strict data privacy law.  Not only do businesses in Massachusetts need to protect their customers’ personal information but so do businesses who have in their database the personal identifiable information of people from Massachusetts.  One of the requirements says organizations must:

“Encrypt all transmitted records and files containing personal information that will travel across public networks.”

Several of our customers mentioned our products have helped them meet the Massachusetts’ data privacy requirements.  They have implemented field encryption using Crypto Complete and are using our GoAnywhere Director to encrypt file transfers.  They have minimized the risk of a data breach happening at their company by using both solutions.  Unfortunately, I also had many other individuals stop by Linoma’s Booth who said their management does not want to allocate any resources (time or money) towards securing personal and confidential data.  They know they should do it and are required to do so, but it’s just not high on their priority list right now.  I’m afraid this mindset may be more popular than we think, which is concerning.

Is the company you work for securing personal data?  Is your company looking for a solution to secure data?  Find out today how we can help your company avoid sending the inevitable letter that your confidential information has been breached. Not only can we help you avoid facing public humiliation, our products can help save you time and money by streamlining the secure data transfer process.

If you are interested in seeing how Linoma’s solutions can encrypt your data at rest and when it’s transferred, don’t hesitate to contact us at 800-949-4696.

Brian Pick

Sales Manager

Bob Luebbe

Bob Luebbe has worked in the IT field since 1985. During his career, he has worked in a wide variety of roles including software development, project management, consulting and architecting large-scale applications. Bob has been with Linoma Software since 1994 and is currently serving its Chief Architect. His main focus for the last several years has been developing technologies to help organizations to automate and secure their file transfers, as well as to protect data at rest through encryption and key management.

More Posts - Website