Monday, June 3, 2019

Email Security: Best Practices for Your Organization

From Microsoft to the Democratic National Committee, email security seems to be tenuous, at best. Not only are large-scale organizations vulnerable, but personal email accounts as well.

John Podesta fell prey to a phishing scam in his email, and Colin Powell’s personal opinions became public knowledge after his email was hacked and leaked. 

With email so seemingly open to attack, many wonder what are the best practices for email security for their organizations and personal lives.

Email Is a Target

Many do not consider email as the primary target of hackers looking to access information. Email is the point of entry for something bigger: bank accounts, servers, etc. However, data contained within emails frequently are the target of hackers. 

Think about this: how often does your organization use email to plan or record strategy, culture, and actions? Now, imagine handing this information over to a hacker? 

You wouldn’t do that, yet email susceptible to hacking makes that a very real possibility.

Why Secure Email?

Because email is such a common form of workplace communication, organizations must secure it if they want to secure their data. 

With BYOD becoming more commonplace, and the added issue of IoT, organizations are at a loss to find a simple solution to all their digital security problems.

So, while an organization-owned computer may be secure, an employee’s personal computer may not be. Given how work seems to take place both in and out of the office, secure methods of transferring sensitive files and communications need to be found. 

Historically, the complex nature of email security has muddied the water when it comes to best practices.

Email Security | Best Practices

Strong Security

Email has its advantages for file transfer: it’s portable, easy to use, and ubiquitous. 

Unfortunately, solutions to secure it tend to fail for two reasons: either they’re too difficult to implement or they’re not actually secure. 

Trustwire offers the robust security of AES 256-bit and RSA 4096-bit encryption. We also don’t have the access to or the ability to decrypt the files you send and/or store.

Easy to Use

We wanted to create something that is extremely secure but also easy to use. Our web-based portal keeps things easy. 

Simply create an account, login, and begin sharing files securely. Clients and colleagues do not have to download any apps or programs to access the files.

Use your email, but when the transfer of sensitive or confidential data is required, look to Trustwire.

The Best Secure Dropbox Alternative

It’s become common practice, when we sign up for something, to quickly click that “I agree to the Terms of Service” box.

No doubt the millions of Dropbox users have clicked that little box without thinking of the consequences.

By doing this, you and your organization have agreed to allow Dropbox to access your files, scan, and share them with third parties at their discretion. 

Hardly seems secure, right? Luckily there is a secure Dropbox alternative.

Why Dropbox Can Be Problematic

In its Terms of Service, Dropbox clearly states that:

  • They collect data on how you use their service.
  • They collect your IP addresses, browser and device information, and the webpage you visit before accessing Dropbox
  • And they collect personal data for their “legitimate business needs.”
It’s important to note that Dropbox promises not to sell your data to any third parties. However, its collection suggests that it could be targeted by malicious actors. 

Meaning, if all this valuable information about your usage history and business is stored somewhere, it can become a target for enterprising hackers. 

Clearly there is a need for a secure alternative to Dropbox.

Why Do I Need Secure File Sharing/Storage?

Secure file storage and sharing is important for businesses and individuals. Businesses need to protect customer or client confidentiality and trade secrets and innovations. 

Individuals need to preserve confidential documents online, such as tax returns, pay stubs, health records, and identity records. None of this needs to be vulnerable to malicious people or software.

What to Look for in a Secure Dropbox Alternative

Trustwire provides the ease of use and accessibility of Dropbox but also provides the powerful security you and your organization deserve. 

Let’s take a look at what we offer:

  • 2 GB secure storage space for your files
  • Exchange up to 100 files per month with other Trustwire users
  • True end-to-end encrypted for file exchange and storage
  • Strong AES 256-bit and RSA 4096-bit encryption
  • Incredibly simple-to-use interface
  • Advanced search to find your files quickly
  • Manage your contacts
  • Upload personal files to your account for backup and safekeeping
  • Use tags to easily categorize and identify files
  • Invite unlimited friends and family to join Trustwire and starting exchanging files and messages securely
  • Everything in offered in Basic
  • 2 TB secure storage space for all your files
  • Unlimited file exchange per month
  • Trustwire SecureLink lets you to receive files from anyone securely with same level of encryption, even if the sender is not a Trustwire user
  • Branded site with your logo
  • Unlimited email support with guaranteed 24-hours response time
Sign up today to explore how you can securely transfer and store files with Trustwire!

Legal Cybersecurity: A Lawyer’s Obligation

Most of us are familiar with Attorney-Client privilege, or an attorney’s obligation to maintain the privacy of the communications between themselves and clients.

This enables the lawyer to have the full confidence of their client and work to their best advantage. 

Recently, the American Bar Association (ABA) has published guidance on how this obligation to privacy extends to digital data. 

They state that a lawyer has a strong obligation to protect all electronic communications and data exchanged in the attorney-client relationship.

The Risks

Because lawyers often handle confidential client material, this data can be vulnerable to targeting by hackers. Oftentimes attorneys have financial documentation, identity documents, and in some cases health records pertaining to clients.

Furthermore, the ABA urges legal practices to have a plan of action for handling data breaches before they occur. 

While the ABA offers guidance, it does not go so far as to recommend technology to support legal practices, leaving legal cybersecurity at their discretion.

Legal Cybersecurity with Trustwire

Trustwire simplifies the process of protecting client data for attorneys. Clients and attorneys can exchange files and messages with strong end-to-end encryption. 

Furthermore, neither clients nor legal practices will have to bother with downloading software or learning difficult encryption. 

Simply sign up with Trustwire with an existing email address and both attorneys and clients and store and share files securely.

Take a look at some of our features:

· Strong encryption: AES 256-bit and RSA 4096-bit encryption that is open sourced.

· Trust: Our encryption has no built-in backdoors, and we cannot access your files or messages.

· Privacy: Your usage, location, and data are never tracked, sold, or given away.

· Simplicity: User-friendly for even the most technologically-challenged user.

· Accessibility: Attorneys and clients can access the web-based portal from any device and any modern browser.

Find out how your legal practice can benefit from secure communications with Trustwire.

Is Dropbox Really Secure for Your Business?

When it comes to sharing photos from the big family reunion, Dropbox is great. Most people use it at home, so it makes sense that this translates to work. 

In fact, Dropbox Business has more than 300,000 subscribers. Unfortunately, when you look at how their digital security functions, Dropbox appears to be an inadequate solution for secure file transfer. 

In this post, we explore why.

Data Encryption Insufficient

Dropbox stores your confidential files alongside other users’ data. This means your company’s files on new products and financial reports are in the cloud right next to Grandma’s apple pie recipe. 

Business files need to be properly isolated. In the event of a security breach, your data may not be safe.

No Granular Permission Options

In order to facilitate collaboration from employees at multiple locations, files are often uploaded for editing. 

Currently, there are no options to set permissions for certain groups of users, which is another way in which Dropbox is not secure for business. So, your junior employees will be granted access to the same files as C-level executives. 

This doesn’t mean the files under the purview of your junior employees don’t need to be secure, but the lack of granular permissions can be an issue.

No Passwords for Subfolders

Because Dropbox won’t allow you to password protect subfolders, your business may have to restructure its folders. At best, this is a waste of precious time. 

At worst, some employees will be granted access to information they shouldn’t be privy to. Another way in which Dropbox doesn’t meet the needs of businesses.

No Option for Password-Protected Links

Currently Dropbox doesn’t allow you to share a link to a password-protected link. Furthermore, you cannot add password to a file already uploaded to Dropbox. 

Basically, once it’s uploaded, everyone who has access to the Dropbox account can access the file.

No Involvement from Your IT Department

Another reason Dropbox isn’t secure for business is that your IT department doesn’t have access to an audit log—so they cannot know who has accessed your files. Your IT department cannot wipe a device that has been lost or stolen. 

Additionally, IT staff cannot alter who can sync with particular files. This takes a lot of control away from the professionals you employ to monitor your technology.

You Can’t Lock Editing on Files

During the collaboration process, when you come to a stopping point, you need to lock editing. 

If you don’t do that you can waste a lot of time sorting through different versions, trying to find the final product. 

When the final edits have occurred, you need to halt the process, and you can’t do that with Dropbox.

So, Is Dropbox Secure for Business?

Dropbox is a great app for people to use in their personal lives, but it just doesn’t meet our standards for secure file transfers. 

As we discussed, you can see several areas where Dropbox may leave you wanting. 

If your business is looking for a simple, secure file transfer method, go to Trustwire now and sign up today.

3 Secure Communications Tips for Journalists

In a contentious political climate, it becomes increasingly more important for journalists to secure their online communications.

Sources often provide valuable information, and if they are exposed as sources can face personal or career backlash.

In some cases, as with former Senate aide James Wolfe, the source can face criminal charges. Here are three secure communications tips to help journalists.

Tip 1 – Eliminate Metadata of Photos and Documents

First, sending and receiving files securely is the best secure communication tip for journalists. Then, before journalists use documents and photos sent by sources, these files need to have their metadata removed.

A few great tools for this include: Exiftool for documents and mogrify for photos.

Keep in mind that any tracking pixels from Data Leak Protection software needs to be removed in addition to removing the metadata. For PDF files, which are notorious for phishing scams, we recommend PDF-redact-tools.

Tip 2 – Reduce Instant Messaging Issues

While encrypted instant messaging apps may seem secure, they also leave a trail of metadata. So, while the content of the messages may be encrypted, communications between journalists and sources can still be evident.

Messages can be exchanged along with files via web-based Trustwire.

Tip 3 – Document Exchange Security

First, journalists should receive sensitive documents on a secure file sharing platform, such as Trustwire.

This ensures that documents cannot be accessed at any point in transit, nor can they be accessed from storage on Trustwire.

Furthermore, encryption is rock solid, and the platform can be accessed from anywhere. Trustwire does not track usage, IP addresses, or location info, and doesn’t have access to its users’ files or data.

Other options for secure document transfer exist, but sources may not be willing or able to use the technology, rendering it useless.

Then, the file needs to have its metadata scrubbed as well. Use exiftool <filename> on each document. This may involve converting a Word file to a PDF and then using the pdf-redact-tools to be absolutely sure of sanitation.

Secure Communications Tips for Journalists Takeaways

Journalists have an obligation to protect their sources from unwarranted backlash. Beyond that, these secure communications tips can enable journalists to demonstrate a record of integrity.

Removing metadata from images and files can protect sources. More importantly, providing sources with a secure means of transferring sensitive files and exchanging messages is crucial to maintaining privacy.

Trustwire simplifies the former by allowing you to exchange and store files from sources in a secure location.

We provide powerful encryption technology with none of the hassle. Simply sign up for Trustwire and begin sharing files securely.

Trustwire allows you to use end-to-end encryption to send files, and you can send secure messages along with your file. Trustwire will never access your documents or analyze your data for any purpose at all.

Take the guess work out of file sharing, and sign up with Trustwire today.

The Best Ways to Share Files Securely

In our fast-paced, electronic-device driven world, in-person document delivery rarely occurs. In business situations, we collaborate and ...