Trustwire Blog: June 2019

Friday, June 28, 2019

Is Gmail Really Confidential?

Seemingly a lot of changes are in the works with Google’s email systems. Recently, Google made a confidential mode available (beta) to its G suite customers.

The update promises to provide confidentiality via emails that can be sent in confidential mode and data exchange that is similarly private.

However, you may be wondering how confidential is Gmail in light of this update?

[Related: The Best Encrypted Email for Your Business]

What Is “Confidential Mode”?

Confidential mode employs IFM (information management controls) that gives users the ability to control certain aspects of their emails. For instance, they can set expiration dates, predetermine the ability for recipients to copy, print, or download an email, and revoke sent emails.

Users interested in an added layer security can opt to require a text-message based two-factor identification process as well. This aims to protect the contents of an email in case of an account’s potential security breach.

For stored files and archiving, there’s Google Vault. From Google Drive, Jamboard files can be archived and searched. Furthermore, data can be retained and exported.

How Secure is Gmail Confidential Mode?

First, it must be noted that confidential mode must be manually enabled. Secondly, recipients are able to copy and paste text once they have accessed it. There is no protection from screenshots.

Their promise of security further breaks down with regard to recipients external to Gmail—a confidential email now exists outside of gmail’s “secure” server.

Perhaps most importantly, Gmail offers no promise to bar its own access to your files. How do we know this?

Because confidential mode does not encrypt the confidential emails. This means that Google can retain your message data indefinitely and analyze its contents.

[Related: Email Security: Best Practices for Your Organization]

Why Trustwire Is a Better Alternative to Gmail Confidential Mode

Traditional super-strong encryption, such as PGP, requires the user to be knowledgeable about cryptography. Why should your everyday user learn cryptography simply to be able to share documents safely?

On the other hand, solutions that are seemingly secure, like Gmail’s confidential setting are too weak to provide true data security. This leaves the problem of data security either too hard to use or too weak to matter.

Enter Trustwire. Trustwire is a secure, browser-based file transfer service. Simply sign up for a free personal account, or our low-cost business plan, and begin sharing files. Trustwire has a simple user interface, yet we use the strongest open-sourced encryption available—AES 256-bit and RSA 4096-bit encryption (end-to-end) to protect your messages and documents.

Unlike Gmail, Trustwire never has access to the content of your messages or your documents. We do not analyze or track your usage or browser history. Trustwire is a simple solution to a difficult problem. Sign up today to begin sharing data with confidence.

Thursday, June 27, 2019

Whatsapp Spyware & The Importance of Encryption for Human Rights Activists and Lawyers

Whatsapp Spyware and the importance of encryption for human rights activists and lawyers

Hackers have done it again—breached what many trusted to be a secure method of communication and turned it into a tool for data mining and tracking the activity of users.

This particular issue stems from a failing in the security framework of Whatsapp that allows hackers to infect users’ phones with spyware.

Given the increased targeting of human rights activists and lawyers by oppressive regimes, the importance of encryption has become paramount. Whatsapp spyware further raises the stakes.

The Problem

Reuters reported just weeks ago that some governments have been using Whatsapp spyware of tracking human rights activists and lawyers they deem a threat. While Whatsapp claims to use strong encryption technology and recognizes the importance of this, their security has failed.

Human Rights lawyers and other activists realize that their work cause them to fall under scrutiny. Some even endure threats to their livelihood or person. Because of these risks, lawyers and activists use encryption to protect their anonymity while communicating online and on mobile devices.

Needless to say, learning that a government who disapproves of your work has access to your contacts’ list, location, and passwords is frightening.

The Solution

Unfortunately, this type of hacking is hard to prevent and detect, because rather than accessing data, this software accesses the device itself. Luckily, this software is expensive to operate, and hackers cannot easily make a profit leveraging this “service.”

Facebook, the owner of Whatsapp, promises to increase security across all of its platforms. This comes especially after Congressional inquiry into how Facebook profits from its users’ data. Unfortunately, Facebook hasn’t made good on its promises before.

Still, encryption is a matter of importance for all human rights activists and lawyers. While spyware that accesses your device from Whatsapp is a threat, it’s not as common as hacking that accesses your date due to a lack of encryption technology.

The Importance of Encryption for Human Rights Activists and Lawyers & Whatsapp Spyware

If you’re looking to protect sensitive documents and messages from hackers, don’t look to an organization that is designed to profit from your private content and behaviors.

At Trustwire, we are committed to providing a truly private, truly secure means of communicating and transferring data.

We never have access to your communications or documents, and we don’t track your usage or the websites you visit before ours. If integrity matters to you, then sign up today and begin transferring and communicating with true security.

Wednesday, June 26, 2019

Stick to These Best Practices for Client Security

These days keeping your clients’ information confidential is absolutely paramount to remain credible in your industry.

A data breach that leaves your clients vulnerable is almost certain death for the responsible business. Maintain your credibility and protect your clients by following these best practices for security.

1. Keep Your Clients’ Data in One Location.

This means that you shouldn’t keep information about your clients on multiple platforms with varying levels of security.

Store contracts, files, payment info and records, etc., in one location that is protected with robust security. Access to this information should be multi-factor authenticated, password-protected, and cloud-based.

2. Give Access Only as Necessary.

Once client data is stored in one location, enable employees to access only what they need to. In other words, limiting the number of folks who can access files limits their exposure to potential threats.

This type of role-based security also protects employees from altering documents outside their purview.

3. Transition to Electronic Signatures.

Not only will e-signatures be easier to gather than paper ones, they’re more secure. In addition, gaining e-signatures is quicker. Why are they more secure? E-signatures have a digital trail including when and where they were signed.

4. Forgo Email for Data Collection.

Email is the number one method hackers use to access corporate entities. Therefore, do not use email to collect contracts, signatures, or exchange sensitive documents. Use end-to-end encryption methods of securing client data needed for designing or finalizing contracts.

5. Maintain Rigorous Security Standards.

Security breaches are devastating to a business; therefore, best practices for client security are vital. Make sure any cloud-based storage systems are supported by the strongest possible security.

Furthermore, make sure that you know if your cloud storage and file transfer systems collect data of their own regarding your clients’ information. This is a potential privacy violation. Beyond that, file transfers need to be end-to-end encrypted with the strongest, open-sourced encryption technology.

Best Practices | Client Security

Trustwire champions the protection of its clients’ privacy and data integrity. This means that your organization can store, share, and communicate without worry.

Trustwire uses the strongest end-to-end encryption available.

Moreover, Trustwire never has access to your data, and never tracks usage, or sells your information. Look to Trustwire to solve your security needs.

Tuesday, June 25, 2019

Privacy Violations Crack Down: What Businesses Need to Know

The digital age changed lives in so many great ways: we can make purchases in an instant, finalize important documents remotely, and communicate across continents. All of this advancement has come with some unwanted negatives: namely, the loss of true privacy.

For decades now, some corporations have based their profit structures on selling what they know about their consumers. Because the US lacks a comprehensive federal statute on personal data online, the FTC is scrambling to crack down on privacy violations. Here’s what you need to know.

Face the Music

Music.ly or TikTok is a social media platform popular with teens and children. The FTC filed a complaint recently due to what it considered as unauthorized distribution of the personal data of minors.

Under the Children’s Online Privacy Protection Act (COPPA), TikTok was required to obtain consent for such activity but did not.

To make matters worse, the popular social media platform continued to list identifying markers of children even when they set their profiles to private.

While the company paid a whopping near-six-million-dollar settlement, they failed to fully comply with the regulations of COPPA.

This prompted the FTC to issue a statement saying that they would pursue large corporations who put the advancement of their business goals above the rights of private citizens.

Surely, this case is a cautionary tale for any organization that caters to consumers who are minors.

Facebook and Cambridge Analytica

Facebook has always been iffy when it comes to consideration for its users’ privacy.

However, alarm bells began ringing in 2018 when the news that Facebook had allowed user data to be used by Cambridge Analytica, a British consulting firm that uses personal data to help politicians and businesses “change audience behavior.”

The firm got access to more than 50 million users personal data. Here’s the kicker, Facebook says that it’s not responsible because it allows researchers to collect data about users.

And the organization claims it had nothing to do with a researcher turning over such data to an unauthorized entity (Cambridge Analytica).

Incidentally, Cambridge Analytica claims they deleted the data anyway, upon learning that it was harvested unethically.

Yet, in spite of users’ private data being exploited by others, Facebook was allowed to handle the mess as they saw fit.

The FTC says that they are investigating, so it looks like Facebook may soon face a privacy-violations crack down of its own. The EU is also investigation Facebook for potential violations of its General Data Protection Regulation (GDPR).

Crack Down on Privacy Violations

Issues with Facebook especially, but also with smaller corporations like TikTok, show the movement towards large scale legislation that makes companies responsible for maintaining the privacy of its users.

At the very least, and we’ve seen this with recent legislation passed in California, more and more state governments are seeking to maintain the integrity of consumers’ privacy online.

What This Means for Your Business

The Federal Trade Commission’s commitment to enforcing consumers’ privacy can only lead to a widescale enforcement of such rules. Better be the forerunner of change than the last to cross the finish line.

Start by protecting the integrity of the data you collect and retain on behalf of your clients. By showing them that you take their privacy seriously, you can build loyalty.

Take a look at how Trustwire can enable you to do so, without compromising your commitment to security.

Monday, June 24, 2019

Cybercrime and Protecting Small Businesses

Some security experts predict that cybercrime profit will exceed 6 trillion dollars annually by 2021. Surprisingly, small businesses will be the primary target.

So, how can the difficult job of protecting small businesses from cybercrime be accomplished? Let’s take a look.

What Makes Small Businesses So Vulnerable?

Small and medium-sized businesses (SMBs) are more susceptible to cybercrime attacks because they simply do not make use of the strength of security they need.

Sometimes resources are thin and a cheaper alternative seems appealing or adequate.

By the same token, SMBs generally don’t have a dedicated security expert that can adapt technology to threats that are constantly evolving.

Your Employees Are Your Biggest Threat

That’s right. Not that you have unintentionally hired some bad actors, but employees commonly inadvertently compromise security.

From clicking on compromised emails, falling for impersonation scams, or sending a sensitive file in a less than secure manner—employees create vulnerabilities.

The best way to neutralize these unintentional security threats is to train your employees to recognize them.

Even better, employees should know to alert your security expert to potential threats.

Another tactic is requiring employees to use secure means of file transfer and online-collaboration.

Hand in hand with this, limit the access employees have to certain data. The fewer people who have access to sensitive information, the better.

Wholesale Changes that Work

First, get a VPN to protect your servers when employees access them remotely. The ways in which your employees access your servers when out of the office often compromise the security of the whole system.

Therefore, using a VPN and multi-factor authentication can ramp up your defenses.

Second, encrypt any mobile devices that store your organization’s data.

Laptops can be a giant security risk—a stolen laptop can either big a huge problem, or if encrypted, simply a matter of being replaced. A compromised mobile device can be an easy target for cybercrime.

Best Practices for Protecting Small Businesses from Cybercrime

Train employees to recognize potential scams, alert security team members to possible threats, how to execute policies regarding cybersecurity, and conduct themselves safely online, including by using strong password techniques. They should also know what to do if something goes wrong.
Have your security team keep tabs on your network for potential weakness, patterns of access, and any suspicious irregularities.
Create security policies that are strictly enforced. These policies need to both protect your clients and your business. Moreover, they should comply with any regulatory requirements, if not exceed them. Whatever your industry is, make sure that you are not skimping on any security for your clients/customers.
Limit access and enforce perimeters. Each employee should have only the access required of their job. All traffic on your network needs to be screened for viruses and other malicious content.

Running an SMB can be extremely rewarding. Protect your livelihood by taking reasonable and required measures to prevent cybercriminals from ruining your hard work.

Preventing cybercrime and protecting small businesses is one of the most important goals of Trustwire. Enable your employees to communicate, transfer, and store documents safely today.

Wednesday, June 19, 2019

Avoiding Privacy Violations: Why Not Acting Now is Risky Business

Ever on the cutting edge, California delves into the new frontier of data protection with its California Consumer Privacy Act (CCPA), effective January 1, 2020.

This piece of legislation seeks to protect the way information about consumers is used by businesses and other organizations.

More importantly, for businesses, avoiding privacy violations will be paramount if legal retribution and financial damage are to be avoided.

What CCPA Means for Your Business

The government of California feels that businesses, who were previously required to take “reasonable” steps to safeguard consumer information, did so insufficiently. Now, businesses whose customers are residents of California must do the following:

Implement and maintain security systems & procedures
Protect consumers’ personal information from unauthorized disclosure.
Must not destroy, use, modify, access, or disclose consumers’ personal information without consent.
Protect consumers’ information from security breaches.

How to Protect Your Business

First, your business needs to consider how well its privacy procedures are actually working.

Businesses who invest in a privacy audit aren’t wasting money. Taking such action can expose areas where work is needed. Before you seek out a consultant, consider how your organizations stands in these five areas:

1. Do you document the consumer data you collect?

Firstly, under the CCPA, consumers can request to know what data has been collected about them, so you’d better be prepared to divulge. Secondly, any third-party involvement you have may also be collecting data on your behalf, and you need to be aware of such activity.

A procedure for informing consumers of this information needs to be in place and ready to go. In July 2020, consumers can rightfully demand to know.

2. Keep track of the “personal information” you collect about consumers.

The CCPA defines “personal information” as “Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number or other similar identifiers” as well as, “a broad list of characteristics and behaviors, both personal and commercial, as well as inferences drawn from this information” (source).

So from the information your organization collects, you must be able to determine what of it is considered “personal.”

3. Be prepared to be responsible for data collected by third-parties.

The government of California intends to hold the owners of the business responsible for the data collected by third-parties.

This especially holds true for third-party tags, or the Java code generated by ad servers.

If your advertising agencies use such technology, then you need to know what data they are collecting, and how they are using it.

Crucial need-to-know information:

1. What third-party data collectors do you have?

2. What information are they collecting?

3. With whom are they sharing this information?

4. Generate an opt-out policy that is both easy to find and understand.

Having identified all of the previous data-collection information, you need to proceed with a strong opt-out policy. This policy needs to be conspicuous. Users must identify a link where they can expect to opt-out of having their information sold.

Keep in mind that the CCPA outlines what constitutes a proper opt-out policy. Definitely do your research to make sure that your business is compliant. Trying to shirk this requirement is unwise.

5. Protect minors’ rights to privacy by setting up a parental consent procedure.

Minors’ personal information cannot be sold unless they opt-in, and this process needs to be clearly outlined and compliant.

Data sharing cannot take place without the consent of the legal guardian. So, take the time to set in place compliant procedures to avoid fines and penalties.

Is Avoiding Privacy Violations Worth It?

Well, aside from preventing legal woes and fines, the bottom line is yes. California has long set legislative trends when it comes to the rights of individuals, heralding new standards for other governmental bodies to follow.

So, while you may not feel the pressure to comply with this standard now, chances are you will have to in the future.

Furthermore, the unauthorized sale of personal data or the promise to protect such data doesn’t sit well with most American consumers. Being forthcoming and sincere about protecting your customers’ personal data creates a sense of trust that pays off in the long run.

If you’re concerned about protecting your clients’ personal data, contact the security experts at Trustwire today.

Friday, June 14, 2019

How Trustwire and VPN are Tools in Protecting Human Rights

How VPN and Trustwire are tools in protecting human rights

While most people champion the cause of human rights, those who defend human rights are increasingly under threat. Common methods of communication for investigative journalists, human rights lawyers, and activists are being targeted.

Sensitive communications, as well as other identifying information is being compromised and endangering the lives of people fighting the abuses of oppressive regimes. But, there are a few ways activists can preserve their privacy, and therefore, their safety. Let’s take a look at how VPN and Trustwire are tools in protecting human rights.

The Issue

According to the International Federation of Journalists (IFJ), 94 journalists were killed in 2018. In 2017, the number was 82. Afghanistan and Mexico top the list of the most dangerous place to be a journalist, but even the United States lost 5 journalists last year.

In the Phillipines, 34 lawyers have been killed since they elected Duterte in 2016. According to the New York Times, spyware allowed those responsible for the murder of Jamal Khashoggi track his location. Apparently, this type of surveillance is not uncommon. To those who challenge the legitimacy of some government’s actions, electronic communications can be a threat to their survival.

How VPN and Trustwire Are Tools in Protecting Human Rights

While a government with seemingly inexhaustible resources may seem like an insurmountable

How Trustwire and VPN are Tools in Protecting Human Rights

challenge, there are simple things that can be done. For one thing, a VPN service can preserve the privacy of individuals online.

Look for a VPN that combines both a privacy and security focus. In this way, a VPN, or virtual private network, can be a tool in protecting human rights.

Take into account the jurisdiction of your VPN to understand if that government will be tracking your data. Still, a VPN can ensure the privacy of those who may be subject to surveillance.

Similarly, Trustwire uses encryption that is as strong as the encryption the US government uses. Beyond this, there are no backdoors in the encryption technology used by Trustwire—so Trustwire can’t access your data even if we wanted to.

Trustwire allows journalists, activists, and other human rights defenders to communicate and share files without risking them being intercepted. What’s more, Trustwire does not track your usage, access, location, or the websites you’ve visited before accessing Trustwire.

No information given to Trustwire will ever be sold or analyzed. We are committed to the absolute privacy of our users.

Wednesday, June 12, 2019

Ensuring Privacy Online: The Individual’s Dilemma

In order for true online privacy, encryption is used to isolate users’ conversations and data from uninvolved parties. Simple enough, right? Now, when a crime is committed, and law enforcement needs to be involved, this privacy may need to be compromised in service of the law.

That also makes sense. Here’s the rub—customarily, law enforcement agencies have long lobbied for back doors to be built into encryption in the event they need to decrypt data in the course of a criminal investigation. While this doesn’t seem too troubling on the surface, deeper contemplation reveals how this weakens ensuring privacy online for everyone.

The Issue with Backdoors

Firstly, let’s look at what a backdoor is in terms of encryption. This is a purposefully designed weakness in an encryption system. In the event that encrypted data needs to be accessed by law enforcement, the backdoor can be used.

Now the issue with backdoors is pretty simple: they create weaknesses. For this reason, the truly secure-minded online users open-sourced encryption. This is encryption that has no deliberate points of weakness.

Secondly, if government organizations can gain access to your encrypted data, it stands to reason that hackers and other malicious actors can too.

After all, a backdoor isn’t a weakness that only those with good intentions can use. So, that leaves a problem with no acceptable solution, or does it?

A New Solution

The UK’s surveillance agency created what it thinks is a novel solution. Before communications are encrypted, allow the government access to all communications, then apply encryption.

This makes the information both safe from hackers (because strong encryption can be used) and available to government agencies if necessary. Now, while this seems like a perfect solution on paper, it really isn’t.

In the first place, it assumes that government agencies and their employees will always act legally and ethically. No government can provide its citizens this promise with complete assurance.

Furthermore, this strategy won’t work for all encrypted technology, including: email, hard drives, or apps. The inability to apply this in a widescale manner would defeat its purpose in general, necessitating the argument for backdoors yet again.

Finally, many companies are unwilling to consent to such a violation of its users’ privacy. Certainly, we would never grant the government access to our users’ data.

The issue boils down to how much privacy does an individual deserve—and most individual users consider their privacy a fundamental human right.

Ensuring Privacy Online

Reducing the privacy of individuals online in the service of aiding the government doesn’t seem worth it.

Especially when you consider that governmental surveillance hasn’t made any of us that much safer. Ensuring privacy online is the cornerstone of Trustwire’s values. Choose Trustwire because we take your security seriously.

Top 5 Email Security Risks in 2019

Once again, we are confronted by a fact: email is not secure. As invaluable as email is, malicious actors look to its weaknesses to take advantage of users, and the threats are growing in sophistication.

According to the Email Security Risk Assessment (ESRA) quarterly report released by email and data security company Mimecast, these are the top # email security risks in 2019.

#1 Spam

While one kind of SPAM may be detrimental to your arteries, the other kind targets your email and attacks your identity and privacy. ESRA looked at some 319,000 email users over the course of a little more than five years.

In this time, they identified more than 26 million spam emails. The report notes that spam is generally just annoying. However, in that larger number of annoying emails, there were many truly damaging and malicious emails.

#2 Dangerous File Types

The report identified more than 25,000 files that were malicious. It’s important to note that these emails with attachments were approved by organizations’ email security systems. These emails contained attachments that, when opened, install systems detrimental to the user and/or organization. Such files include programs (.exe), source files (.src), and Java service pages (.jsp).

#3 Malware

Malware is software that gains unauthorized access to a computer and causes that device harm. The ESRA found that over 27,000 emails contained malware. Yet again, these emails made it past the organization’s existing security. Malware has become increasingly sophisticated. Past methods to detect malware are sometimes unable to find this new more targeted and deceptive software.

#4 Impersonation

Impersonation attacks generally try to buy credibility by assuming the identity of a trusted entity. Name recognition causes users to let down their guard, and the impersonation attack succeeds in its deception. Oftentimes, these emails enlist the user to send sensitive documents, transfer money, or otherwise divulge valuable information. ESRA found over 55,000 of these attacks. These scams have even targeted university students.

#5 Sinister URLs

The report also found more than 460,000 or 1 in 69 emails containing a malicious URL. This leaves organizations and employees vulnerable to malware, spyware, or ransomware. Businesses can hardly be thrilled about assuming this level of risk.

Top 5 Email Security Risks in 2019

In light of the top email security risks in 2019, we hope it has become evident how truly un-secure email is. All of the emails analyzed by in the report were already being screened for malicious activity, yet several millions of malicious emails made their way into employees’ inboxes.

Trustwire’s remarkably simple browser-based platform enables your employees to share documents and messages without compromising your organization’s security. Sign up today if you’re interested in the safest way to transfer files online.

Monday, June 3, 2019

Email Security: Best Practices for Your Organization

From Microsoft to the Democratic National Committee, email security seems to be tenuous, at best. Not only are large-scale organizations vulnerable, but personal email accounts as well.

John Podesta fell prey to a phishing scam in his email, and Colin Powell’s personal opinions became public knowledge after his email was hacked and leaked.

With email so seemingly open to attack, many wonder what are the best practices for email security for their organizations and personal lives.

Email Is a Target

Many do not consider email as the primary target of hackers looking to access information. Email is the point of entry for something bigger: bank accounts, servers, etc. However, data contained within emails frequently are the target of hackers.

Think about this: how often does your organization use email to plan or record strategy, culture, and actions? Now, imagine handing this information over to a hacker?

You wouldn’t do that, yet email susceptible to hacking makes that a very real possibility.

Why Secure Email?

Because email is such a common form of workplace communication, organizations must secure it if they want to secure their data.

With BYOD becoming more commonplace, and the added issue of IoT, organizations are at a loss to find a simple solution to all their digital security problems.

So, while an organization-owned computer may be secure, an employee’s personal computer may not be. Given how work seems to take place both in and out of the office, secure methods of transferring sensitive files and communications need to be found.

Historically, the complex nature of email security has muddied the water when it comes to best practices.

Email Security | Best Practices

Strong Security

Email has its advantages for file transfer: it’s portable, easy to use, and ubiquitous.

Unfortunately, solutions to secure it tend to fail for two reasons: either they’re too difficult to implement or they’re not actually secure.

Trustwire offers the robust security of AES 256-bit and RSA 4096-bit encryption. We also don’t have the access to or the ability to decrypt the files you send and/or store.

Easy to Use

We wanted to create something that is extremely secure but also easy to use. Our web-based portal keeps things easy.

Simply create an account, login, and begin sharing files securely. Clients and colleagues do not have to download any apps or programs to access the files.

Use your email, but when the transfer of sensitive or confidential data is required, look to Trustwire.

The Best Secure Dropbox Alternative

It’s become common practice, when we sign up for something, to quickly click that “I agree to the Terms of Service” box.

No doubt the millions of Dropbox users have clicked that little box without thinking of the consequences.

By doing this, you and your organization have agreed to allow Dropbox to access your files, scan, and share them with third parties at their discretion.

Hardly seems secure, right? Luckily there is a secure Dropbox alternative.

Why Dropbox Can Be Problematic

In its Terms of Service, Dropbox clearly states that:

They collect data on how you use their service.
They collect your IP addresses, browser and device information, and the webpage you visit before accessing Dropbox
And they collect personal data for their “legitimate business needs.”

It’s important to note that Dropbox promises not to sell your data to any third parties. However, its collection suggests that it could be targeted by malicious actors.

Meaning, if all this valuable information about your usage history and business is stored somewhere, it can become a target for enterprising hackers.

Clearly there is a need for a secure alternative to Dropbox.

Why Do I Need Secure File Sharing/Storage?

Secure file storage and sharing is important for businesses and individuals. Businesses need to protect customer or client confidentiality and trade secrets and innovations.

Individuals need to preserve confidential documents online, such as tax returns, pay stubs, health records, and identity records. None of this needs to be vulnerable to malicious people or software.

What to Look for in a Secure Dropbox Alternative

Trustwire provides the ease of use and accessibility of Dropbox but also provides the powerful security you and your organization deserve.

Let’s take a look at what we offer:

Free

2 GB secure storage space for your files
Exchange up to 100 files per month with other Trustwire users
True end-to-end encrypted for file exchange and storage
Strong AES 256-bit and RSA 4096-bit encryption
Incredibly simple-to-use interface
Advanced search to find your files quickly
Manage your contacts
Upload personal files to your account for backup and safekeeping
Use tags to easily categorize and identify files
Invite unlimited friends and family to join Trustwire and starting exchanging files and messages securely

Business

Everything in offered in Basic
2 TB secure storage space for all your files
Unlimited file exchange per month
Trustwire SecureLink lets you to receive files from anyone securely with same level of encryption, even if the sender is not a Trustwire user
Branded site with your logo
Unlimited email support with guaranteed 24-hours response time

Legal Cybersecurity: A Lawyer’s Obligation

Most of us are familiar with Attorney-Client privilege, or an attorney’s obligation to maintain the privacy of the communications between themselves and clients.

This enables the lawyer to have the full confidence of their client and work to their best advantage.

Recently, the American Bar Association (ABA) has published guidance on how this obligation to privacy extends to digital data.

They state that a lawyer has a strong obligation to protect all electronic communications and data exchanged in the attorney-client relationship.

The Risks

Because lawyers often handle confidential client material, this data can be vulnerable to targeting by hackers. Oftentimes attorneys have financial documentation, identity documents, and in some cases health records pertaining to clients.

Furthermore, the ABA urges legal practices to have a plan of action for handling data breaches before they occur.

While the ABA offers guidance, it does not go so far as to recommend technology to support legal practices, leaving legal cybersecurity at their discretion.

Legal Cybersecurity with Trustwire

Trustwire simplifies the process of protecting client data for attorneys. Clients and attorneys can exchange files and messages with strong end-to-end encryption.

Furthermore, neither clients nor legal practices will have to bother with downloading software or learning difficult encryption.

Simply sign up with Trustwire with an existing email address and both attorneys and clients and store and share files securely.

Take a look at some of our features:

· Strong encryption: AES 256-bit and RSA 4096-bit encryption that is open sourced.

· Trust: Our encryption has no built-in backdoors, and we cannot access your files or messages.

· Privacy: Your usage, location, and data are never tracked, sold, or given away.

· Simplicity: User-friendly for even the most technologically-challenged user.

· Accessibility: Attorneys and clients can access the web-based portal from any device and any modern browser.

Find out how your legal practice can benefit from secure communications with Trustwire.

Is Dropbox Really Secure for Your Business?

When it comes to sharing photos from the big family reunion, Dropbox is great. Most people use it at home, so it makes sense that this translates to work.

In fact, Dropbox Business has more than 300,000 subscribers. Unfortunately, when you look at how their digital security functions, Dropbox appears to be an inadequate solution for secure file transfer.

In this post, we explore why.

Data Encryption Insufficient

Dropbox stores your confidential files alongside other users’ data. This means your company’s files on new products and financial reports are in the cloud right next to Grandma’s apple pie recipe.

Business files need to be properly isolated. In the event of a security breach, your data may not be safe.

No Granular Permission Options

In order to facilitate collaboration from employees at multiple locations, files are often uploaded for editing.

Currently, there are no options to set permissions for certain groups of users, which is another way in which Dropbox is not secure for business. So, your junior employees will be granted access to the same files as C-level executives.

This doesn’t mean the files under the purview of your junior employees don’t need to be secure, but the lack of granular permissions can be an issue.

No Passwords for Subfolders

Because Dropbox won’t allow you to password protect subfolders, your business may have to restructure its folders. At best, this is a waste of precious time.

At worst, some employees will be granted access to information they shouldn’t be privy to. Another way in which Dropbox doesn’t meet the needs of businesses.

No Option for Password-Protected Links

Currently Dropbox doesn’t allow you to share a link to a password-protected link. Furthermore, you cannot add password to a file already uploaded to Dropbox.

Basically, once it’s uploaded, everyone who has access to the Dropbox account can access the file.

No Involvement from Your IT Department

Another reason Dropbox isn’t secure for business is that your IT department doesn’t have access to an audit log—so they cannot know who has accessed your files. Your IT department cannot wipe a device that has been lost or stolen.

Additionally, IT staff cannot alter who can sync with particular files. This takes a lot of control away from the professionals you employ to monitor your technology.

You Can’t Lock Editing on Files

During the collaboration process, when you come to a stopping point, you need to lock editing.

If you don’t do that you can waste a lot of time sorting through different versions, trying to find the final product.

When the final edits have occurred, you need to halt the process, and you can’t do that with Dropbox.

So, Is Dropbox Secure for Business?

Dropbox is a great app for people to use in their personal lives, but it just doesn’t meet our standards for secure file transfers.

As we discussed, you can see several areas where Dropbox may leave you wanting.

If your business is looking for a simple, secure file transfer method, go to Trustwire now and sign up today.

3 Secure Communications Tips for Journalists

In a contentious political climate, it becomes increasingly more important for journalists to secure their online communications.

Sources often provide valuable information, and if they are exposed as sources can face personal or career backlash.

In some cases, as with former Senate aide James Wolfe, the source can face criminal charges. Here are three secure communications tips to help journalists.

Tip 1 – Eliminate Metadata of Photos and Documents

First, sending and receiving files securely is the best secure communication tip for journalists. Then, before journalists use documents and photos sent by sources, these files need to have their metadata removed.

A few great tools for this include: Exiftool for documents and mogrify for photos.

Keep in mind that any tracking pixels from Data Leak Protection software needs to be removed in addition to removing the metadata. For PDF files, which are notorious for phishing scams, we recommend PDF-redact-tools.

Tip 2 – Reduce Instant Messaging Issues

While encrypted instant messaging apps may seem secure, they also leave a trail of metadata. So, while the content of the messages may be encrypted, communications between journalists and sources can still be evident.

Messages can be exchanged along with files via web-based Trustwire.

Tip 3 – Document Exchange Security

First, journalists should receive sensitive documents on a secure file sharing platform, such as Trustwire.

This ensures that documents cannot be accessed at any point in transit, nor can they be accessed from storage on Trustwire.

Furthermore, encryption is rock solid, and the platform can be accessed from anywhere. Trustwire does not track usage, IP addresses, or location info, and doesn’t have access to its users’ files or data.

Other options for secure document transfer exist, but sources may not be willing or able to use the technology, rendering it useless.

Then, the file needs to have its metadata scrubbed as well. Use exiftool <filename> on each document. This may involve converting a Word file to a PDF and then using the pdf-redact-tools to be absolutely sure of sanitation.

Secure Communications Tips for Journalists Takeaways

Journalists have an obligation to protect their sources from unwarranted backlash. Beyond that, these secure communications tips can enable journalists to demonstrate a record of integrity.

Removing metadata from images and files can protect sources. More importantly, providing sources with a secure means of transferring sensitive files and exchanging messages is crucial to maintaining privacy.

Trustwire simplifies the former by allowing you to exchange and store files from sources in a secure location.

We provide powerful encryption technology with none of the hassle. Simply sign up for Trustwire and begin sharing files securely.

Trustwire allows you to use end-to-end encryption to send files, and you can send secure messages along with your file. Trustwire will never access your documents or analyze your data for any purpose at all.

Take the guess work out of file sharing, and sign up with Trustwire today.