It’s more important than it’s ever been for Australian organisations to handle sensitive information properly. GDPR privacy laws combined with the Notifiable Data Breaches scheme have increased pressure on businesses that handle customer information, raising the stakes of any data breach. Let’s look into how you can protect your business and your clients when sending sensitive information.
How Big of a Problem Are Breaches When Sending Sensitive Information?
If you’re in a business that handles sensitive information, you must ensure that your clients’ personal information is not compromised. Massive data breaches affecting companies large and small are regular occurrences in the news. Here are a handful of examples just from January and February 2019:
- Marriott/Starwood exposes over 5 million passport numbers, hundreds of millions of customer accounts
- First National Real Estate exposes job applicants’ data
- Massive global data breach includes Queensland MP website, Surf Life Saving Australia, and more
- Parliament’s network breached, triggering a password reset for every user
The worst part? This is just a small sampling of the attacks affecting Australian businesses so far in 2019. With attacks like these, how can small and medium businesses protect themselves? There are two ways. The first, of course, is to partner with the pros for your ongoing security needs. We recommend contracting with professionals in the managed IT services industry like us. We at Steadfast Solutions stay on the cutting edge of data security to keep our clients protected.
The second way to protect yourself against leaks is to follow some common-sense guidelines for how you handle sensitive data.
Tactics to Stay Safe When Sending Sensitive Information
Sending sensitive information safely and securely is of paramount importance. There are some simple, best practice steps that every business should take when handling sensitive information. Let’s take a look at a few.
Utilise Drive Encryption
The most secure on-site network imaginable doesn’t help keep files safe when those files physically leave the premises. The government knows this well from the Cabinet Files fiasco, where hundreds of classified documents were unwittingly sold for a few dollars inside a locked filing cabinet.
We can’t help you much if your employee loses sensitive printouts, but you can keep sensitive digital data safer by utilising drive encryption for any device that leaves the premises. It’s nearly inevitable that eventually one of your employees will lose track of a laptop or work mobile. Whether the device is lost or stolen, the sensitive information on it is a liability to you. Utilising drive encryption makes it drastically more difficult for thieves to pilfer your data. They may manage to wipe the machine and resell it for a quick buck, but they are unlikely to be capable of getting your data.
Utilise Secure File Transfer (SFTP)
If your business requires sending or receiving large digital files or a high volume of digital files, you’ll want to utilise secure file transfer protocol (SFTP). Doing so will ensure that only you and your recipient see and have access to the files. Your files will be encrypted during transit. Even if some nefarious entity manages to intercept them, it won’t be able to read them.
Setting up SFTP requires a decent bit of technical know-how. Here’s a tutorial for the adventurous and the highly trained. If that looks like a foreign language to you, we’ll be glad to help.
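For those who do run their own OpenSSH server, the sketch below checks whether an SFTP-only account group is actually locked down. It is an added example, not code from Steadfast Solutions or from the tutorial mentioned above; the group name `sftpusers`, the paths and both sample configurations are constructed for illustration.

```python
# Added example: audit an OpenSSH sshd_config for an SFTP-only drop box.
# The group name "sftpusers", paths and both sample configs are constructed.
DEFAULTS = {"passwordauthentication": "yes", "allowtcpforwarding": "yes"}

CHECKS = {  # keyword -> test its effective value must pass
    "forcecommand": lambda v: v.split()[:1] == ["internal-sftp"],  # no shell
    "chrootdirectory": lambda v: v[:1] in ("/", "%"),   # confined to a jail
    "allowtcpforwarding": lambda v: v.lower() == "no",  # no tunnelling
    "passwordauthentication": lambda v: v.lower() == "no",  # keys only
}

def effective_settings(config_text, group):
    """Match Group block over global over default (other Match forms ignored)."""
    global_cfg, match_cfg = {}, {}
    target = global_cfg
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            crit = value.split()
            hit = len(crit) == 2 and crit[0].lower() == "group" and group in crit[1].split(",")
            target = match_cfg if hit else {}  # other blocks are discarded
            continue
        target.setdefault(key, value)  # sshd keeps the first value it reads
    return {**DEFAULTS, **global_cfg, **match_cfg}

def audit(config_text, group="sftpusers"):
    """Return the keywords whose effective value fails its check."""
    eff = effective_settings(config_text, group)
    return sorted(k for k, ok in CHECKS.items() if not ok(eff.get(k, "")))

WEAK = """
Subsystem sftp /usr/lib/openssh/sftp-server
PasswordAuthentication yes
Match Group sftpusers
    ChrootDirectory /srv/sftp/%u
"""
HARDENED = """
PasswordAuthentication no
Match Group sftpusers
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
"""

if __name__ == "__main__":
    print("weak:", audit(WEAK), "| hardened:", audit(HARDENED))
```

On a live host, `sshd -T -C user=<name>` prints the settings the server will really apply to that account, which is the authoritative version of what this sketch approximates.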
Use Public Cloud Services Judiciously
Services like Dropbox and Google Drive are immensely useful for many purposes, both business and personal. However, we don’t recommend using these services for documents containing sensitive information.
For starters, it’s far too easy to grant the wrong people permission to view, edit, or send files. If an intern inadvertently has access to something he shouldn’t and sends it to the wrong people, your company could end up in serious violation of privacy laws. It’s also easy to leave files “lying around” on these services when they’re no longer needed, causing needless exposure. These services can also be tied to personal email accounts instead of business accounts. If that’s the case, someone could leave your organisation and still retain access to the files on these platforms.
Second, while these are major companies with major-league security, a hack or leak is still quite possible. This is doubly bad if you’re using Google Drive with your personal Gmail credentials. Phishing your Google account info is all a hacker needs to get to your business’s sensitive information.
Email Sensitive Information through Encrypted Email Only
Maybe your business only sends sensitive information to clients occasionally. You may not need an SFTP setup, but you do need an encrypted email solution. These operate on the same basic principle of end-to-end encryption. Only you and the recipient can see the contents. It’s encrypted at all points in between.
ProtonMail is one free encrypted email service hosted in Switzerland. Here’s a list of 11 more.
These are some great ways to shore up your security efforts surrounding sending sensitive information. If you’d like to learn more about this or if you’re interested in a total IT services solution, contact us today. Steadfast Solutions is a local company with many years’ experience working with small businesses. We are in a great position to help small businesses in Frankston meet the many challenges that they face in handling their IT needs. We are specialised in many different types of technology. For example, you can rely on our expertise in managed IT services and cloud services, among others. If you could use help managing your small business’s IT needs, let’s get started today.
Published on 11th March 2019 by Ian Brady.