Four Common Data Sharing Methods that Provide a False Sense of Security
by Jason Sherrill
Security gets a lot of attention in business today, but there are still some common practices that provide people with a false sense of safety when sharing sensitive data and files with others. Review these practices and make sure that everyone in your organization knows that these practices are dangerous and should not be used.
1. Password protecting zip files
Password protecting a zip file offers very little protection to the data contained inside. Scores of free and low cost tools exist that make quick work of cracking passwords on zip files. This is akin to putting a lock on a screen door. It’s better than no protection, but just barely.
2. Sending two separate email messages
On a regular basis someone will send me an email that contains something sensitive, like a username, accompanied by a note that the person will send me a second email that will contain the password. This is virtually no safer than sending the username and password together in the same email. If someone has gained access to my inbox or to my web-based email account, then they’ve got access to all of my email messages, including the first and second email. Even a hacker with a single digit IQ will be able to find both messages to put together the puzzle needed to gain access to the secure system.
3. Uploading files to a standard FTP server
Standard FTP servers are great for sharing large amounts of non-sensitive data with others, but standard FTP does not provide protection for sensitive data like that common in banking, financial services, insurance, medical and legal fields. Usernames and passwords are transmitted in plain text so they’re easily stolen, especially on wireless or public networks.
4. Sending CDs or DVDs by mail or parcel carrier
Sending data by mail or parcel carrier is actually highest on my list of most dangerous methods to share sensitive data with other people. The potential for the package containing the data to get lost in route is high. The ability to track who has accessed the data or has potentially had access to the data is low. Besides a name on the outside of the package, there is little else to help limit who receives the data. If this is your only option, at a minimum the data should be encrypted using a strong encryption method, such as PGP, that allows you to encrypt the data to a specific person’s key.
Delivered Secure™ - A Safer Method to Share Files
We’re in the business of building useful software and selling it. Since our blog is a business tool, I’d be doing a disservice to you and my company if I didn’t use this opportunity to introduce you to Delivered Secure, a web service that we created to overcome the issues above. Like it’s name implies, Delivered Secure lets you send and receive messages and attached files safely.
Key Delivered Secure file transfer highlights include:
- Your data is encrypted using SSL and military grade encryption
- Delivered Secure sends you an email when your recipients open their file
- Requires no special software to install. All you need is a web browser like Internet Explorer or Firefox.
- Bypasses firewall and email attachment restrictions that often prevent sending or receiving files
- No third-party storage providers, all data is stored in InetSolution’s banking grade data center
- Free trial and extremely low cost monthly subscriptions
- Dedicated telephone and email support
Jason works behind the scenes on security processes and architecture. Jason also works directly with customers to help guide product development road map and functionality of Delivered Secure.