In our digital economy, we send and receive information quickly online. The Internet offers immediate communication with colleagues, clients, vendors, and other strategic partners. Yet we shouldn’t prioritize convenience over data security.
What data do you send in a day’s worth of emails? Sensitive data you send might include:
- personally identifiable information (PII);
- credit card or payment card information;
- attorney–client privileged information;
- IT security information;
- protected health information;
- human subject research;
- loan or job application data;
- proprietary business knowledge.
The problem is that people send this information without thinking about the security of the transmission. One way to gauge the need for security is to consider how you might send that same information via the postal service. Would you put that data on a postcard that anyone could read? Or would you send a sealed, certified mailing and require the recipient’s signature?
Transmitting data on the Internet in plain text is like the postcard – anyone can read the information. And before you think that no one can actually see your data in transit, think about where you are sending from. Your office network may be password protected and secure, but what if someone waiting for their coffee at Starbucks opens the message using the free Wi-Fi network?
Anyone with the right tools can intercept communications on open networks. This type of cyberattack is common enough to merit its own name: a “man-in-the-middle” attack.
So, how can you stay safe when sending sensitive data?
Embrace encryption. Encrypting the data is like sending that sensitive information in a locked box. Encryption encodes the information to add a level of security. If encrypted data is intercepted, the scrambled data is unreadable by unauthorized users. Only a user with the correct decryption key can access the text.
Encryption also provides additional confirmation that the information is coming from a reliable source.
Your business should also require Secure File Transfer Protocol (SFTP) for sending and receiving large or numerous digital files. You may have heard of FTP, but this file transfer protocol is not encrypted. SFTP is the secure version of FTP, as it encrypts the files in transit. If a nefarious entity does intercept the files, it won’t be able to read them without the decryption key.
Specifically, encourage your employees to:
- use encrypted email only (common providers such as Gmail and Outlook support it; others require third-party apps or services);
- encrypt files before sending to the cloud (in case accounts are breached or services hacked);
- never open business communications on unsecured Wi-Fi networks;
- keep good track of laptops and other portable devices and use drive encryption in case one goes missing – with encryption, a lost laptop or stolen thumb drive is more secure, and criminals will have a difficult time stealing sensitive information, too;
- control data access – grant permission to view, edit, or send files with sensitive information only to users who need that data for their jobs.
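The advice to encrypt files before sending them to the cloud, and the earlier point that intercepted data is unreadable without the correct key, can be shown in a few lines. This is an added example, not part of the original article; it assumes the third-party Python `cryptography` package, and the function names and sample record are constructed for illustration.

```python
import base64
from cryptography.fernet import Fernet, InvalidToken

# Constructed sample record standing in for a sensitive file's contents.
SAMPLE = b"applicant=Jane Example;loan_amount=25000"


def new_key() -> bytes:
    """Generate a random key; store it separately from the encrypted file."""
    return Fernet.generate_key()


def encrypt_for_upload(plaintext: bytes, key: bytes) -> bytes:
    """Encrypt and authenticate locally so only the token leaves the machine."""
    return Fernet(key).encrypt(plaintext)


def decrypt_download(token: bytes, key: bytes):
    """Return the plaintext, or None if the key is wrong or the data was altered."""
    try:
        return Fernet(key).decrypt(token)
    except InvalidToken:
        return None


def tamper(token: bytes) -> bytes:
    """Simulate modification in transit by flipping one bit of the ciphertext."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[30] ^= 0x01  # bytes 0-24 are version, timestamp and IV; 30 is ciphertext
    return base64.urlsafe_b64encode(bytes(raw))


if __name__ == "__main__":
    key = new_key()
    token = encrypt_for_upload(SAMPLE, key)
    print("readable in upload:", SAMPLE in token)
    print("right key:         ", decrypt_download(token, key))
    print("wrong key:         ", decrypt_download(token, new_key()))
    print("altered in transit:", decrypt_download(tamper(token), key))
```

Because the token is authenticated as well as encrypted, a modified file is rejected rather than decrypted into corrupted data, which is what lets the recipient trust that it came from someone holding the shared key.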