Do you send sensitive documents and files using regular email? Could you do more to protect those documents and files to ensure their confidentiality? These are just two of the more obvious questions which many an IT administrator and security officer are now asking their organisations, as the world and it's regulators become more focussed and stringent on data protection.
One way to ensure the confidentiality of emailed and other methods of transmitted files is to use a secure email or attachment service. Such as those provided by managed file transfer solution vendors and providers.
In this blog we take a look at the top five benefits of using such services.
1. Recall and Retract
Secure email solutions will either attach an encrypted file to an email directly with the keys to decrypted requested at the point of access; or will place the file into a temporary holding space which can be accessed by a URL placed into the email. In either case, the file can be technically be recalled up to the point of it being opened by either rejecting the request for the decryption key or deactivating the supplied URL.
This will prevent unintentional disclosure of possible sensitive data to incorrect recipients, an embarrassment we have also endured at least once in our careers.
2. Ensured Confidentiality
A cornerstone of any secure email and attachment service is that any file or attachment afforded its care will benefit from some level of control ensuring its confidentiality, normally through encryption. Encrypted files, so long as with a sensible cryptographic cipher and key length, should render its theft or unauthorised acquisition useless. Key management can vary depending on the solution, for some this is cloud managed, for others this could involve the use of a HSM (High Security Module) or some form of secure storage.
3. Read and Download Receipts
With keys being requested at open or a URL being used to access any sent files or attachments, secure email and attachment services can log and alert when a file has been received and opened. When paired with an authentication stage, the access and download of a file is non-repudiable to a point and can be logged in an audit log for later review.
4. Security Restrictions
Yet another consequence of the file being in the control of the secure email or attachment service up until the point of access or download is that restrictive conditions can be placed on the sent files. For example, some secure email and attachment services will allow restrictions such as a maximum number of downloads, a finite window for access to the file and/or restrictions on the amount of time a user account used to access the file is available for.
In the case of particularly sensitive files, it can be useful to specify a single download option and just a few days to access that file.
5. Satisfy Information Security Regulations and Standards
A large driver for the use of secure email and attachment solutions are regulatory or compliance requirements. Some examples include the GDPR (General Data Protection Regulation), PCI-DSS (Payment Card Industry - Data Security Standard) and ISO 27001, just to name a few.
Without listing meticulous details on the differences between the three, the general theme running through all is the protection of sensitive data and information where there is a high risk of data breach, whether that be unauthorised access, disclosure, use or deletion. The use of a secure service when sending sensitive files and attachments demonstrates a sensible and considerate approach to the transmission of such files and attachments, thus often satisfying the needs of those regulations and compliance standards.
Progress MOVEit Transfer is a managed file transfer which offers secure sending and attachment features. Would you like to see a live demonstration of how it might be able to help with your regulatory and compliance requirements? - Click here to book a meeting.
|