Protecting Sensitive Files
In January of this year, independent news platform Patch reported that Neiman Marcus, a department store chain in the US, came to a settlement for their 2014 data breach. They’ve agreed to “pay $1.5 million and adopt measures to prevent hacks.” Those measures will include card data encryption, use of “industry-accepted payment security technologies,” and auditing and reporting activity.
The original breach compromised over a quarter million of customers’ credit or debit cards.
Almost 10,000 cards were used after the Neiman Marcus data breach. So even though that was years ago, the effects of their failure to keep data secure has continued to harm users. Data breach fines are typically monetary, so having Neiman Marcus fix the problems that led to the breach is a shift in breach protection: it’s not enough to pay the fines anymore. Poor cybersecurity strategies must also be replaced with strategies to safeguard sensitive files.
Why File Encryption Matters
Incidents like this continue to prove that cybersecurity strategies and policies in industries like retail, healthcare, and even the public sector need to progress faster. The threats and pitfalls of the early 2010s haven’t changed in 2019: malware, unencrypted data, spear phishing scams, and weak passwords.
Forbes reports that companies expect to “spend $93 billion” collectively on information security this year. “They keep pouring tons of money into protecting the network,” the author states, but “the real crown jewels … are in the data that sits behind the network walls. That data is often not protected.” That means there’s an increased interest in good cybersecurity practices, but organizations aren’t equally working to protect their internal and external networks.
It’s not enough to lock the door. An organization’s crown jewels (in this case, customer information) should also be kept in a vault (meaning, encrypted). This ensures that even if someone gets inside, they won’t be able to heist their actual target. The method by which those jewels get in the vault is a type of cybersecurity solution called managed file transfer.
Basics of Managed File Transfer Software
Basically, MFT is a solution for inbound and outbound file transfer needs. It uses industry-standard file transfer protocols (like SFTP, FTPS, and AS2) to send files securely in transit and uses encryption standards (like OpenPGP and AES) to protect data in transit and at rest.
Using managed file transfer (MFT) provides protection for sensitive data and file transfer whether the data is moving or archived. MFT solutions, at minimum, keep data secure and compliant with data security standards across the US and Europe. These standards include HIPAA, HITECH, PCI DSS, SOX, and the GDPR.
What does “managed” mean?
The software acts as a manager for you, automating and streamlining the exchange of data, reducing manual processes and eliminating the need for any legacy tools and scripts. Data (including documents, images, videos, and other files) can also be exchanged via MFT across your private networks, systems, applications, partners, and cloud environments from a single point of administration.
MFT: The Perfect Solution for Your Cybersecurity Strategy
MFT software isn’t just for sending files between users and systems. It comes other features to automate processes, ensure secure connections, track file transfer activity, and more.
Here are a few key features available in most MFT solutions to help avoid data breaches:
This is the most common reason that organizations suffer a data breach. The recent Marriott breach, for example, exposed over 5 million unencrypted passport numbers. Other breaches happen because of how files are shared. An email that contains an unencrypted file, for example, could cause a breach.
MFT solutions use integrated encryption technologies like OpenPGP, SSL, SSH, and AES to secure sensitive data. Most also include a key manager that allows you to create, import, export, and manage your keys and certificates within the product.
File Transfer Automation
User errors and manual processes can also cause data breaches. Automating encryption and exchange of sensitive files means processes and workflows will run without user intervention. This is especially useful when dealing with a high volume of file transfers. With automation, files will get where they need to go (whether to trading partners, remote locations, or even the cloud), and every file will be encrypted out of the gate.
Note: Wondering about ad-hoc file transfers? Some solutions, like GoAnywhere MFT, also offer a secure email module for sending one-time file transfers through a secure HTTPS connection. So while an ad-hoc file transfer is not automated, it’s still secure.
Auditing & Reporting
Managed file transfer solutions support auditing and reporting for compliance needs. These solutions store and make all file transfer and administrator activity available to search. If organizations need to report on file transfer activity to remain compliant with regulations and laws, audit logs can be generated and distributed as PDF reports. You can schedule reports to fit leadership or business partner requirements.
So, How Should You Get Started?
There are five steps we recommend taking to get started on incorporating managed file transfer into your cybersecurity strategy:
- Audit your current cybersecurity practices. Note areas of risk, secure areas, and areas that could use some improvement.
- Review your data breach and incident response plan. If you don’t have one, make one.
- Once you’ve looked at your incident response plan, read our Secure Managed File Transfer Buyer’s Guide for everything you need to know about finding, evaluating, and purchasing an MFT solution. An MFT solution will be part of your data breach prevention plan.
- Try an MFT solution for free to see how it could work for your organization. The benefits are almost immediate, from file transfer automation to solid data encryption.
- Build better connections between your network and web/cloud applications. Some solutions for MFT, including GoAnywhere, offer built-in cloud integrations with key applications (DropBox, Sharepoint, and JIRA, for example)
You don’t have to be the next organization to have a major data breach. Don’t become the next statistic. Make 2019 the year you add managed file transfer to your cybersecurity