Is There a Safe Way to Transmit HR Documents Online?

HR documents are a treasure trove of personal information. As of July 2019, over 4 billion sensitive pieces of data have been breached. That being said, is there ever a safe way to transmit HR documents online? We think so, and we’ll tell you why.

The Problem

The methods we use to transfer secure documents are just not robust enough to weather sophisticated security breaches. We’ve blogged a lot about how email is an extremely vulnerable method of file transfer and storage. So, that’s no way to transmit an HR document.

Similarly, encrypted email falls short a lot of the time as well. While your end may encrypt the email before it’s sent and transmit it encrypted, your recipient may not have the same concerns. Thus, your transmission is potentially open to being compromised.

Is It Safe to Fax to Transmit HR Documents Online?

Well, in a couple of words, probably not. Fax machines are susceptible to human error—dialing the wrong number, it’s an image document, and it may be viewable at the receiving site by anyone. Online Fax or Cloud-Based Fax is generally considered much more secure than traditional faxing.

In-Person Delivery

When it comes to secure file transfer, it’s really difficult to find a method more secure than this one. However, for obvious reasons, this isn’t always possible. When you don’t work on-location, it’s essential to send HR documents online.

Trustwire: A Secure Online Solution

If you need to transmit HR documents online in a safe way, consider Trustwire. New employees can easily create an account to send documents to HR departments. All documents are end-to-end encrypted.

Furthermore, Trustwire’s ease of use is unparalleled. This means that what it costs to keep your employees up to speed on how to use the platform is virtually free and intuitive.

Is There a Safe Way to Transmit Documents Online?

Yes. Put your confidence in a service that is committed to maintaining its clients’ privacy above all else. Learn more by visiting our website.

Government Contract and Cyber Security Requirements

All government contracting companies must meet certain Department of Defense (DoD) standards in order to maintain their contracts, especially with regard to cyber security requirements. In this post, we look at how your business is required to comply.

What is DFARS?

DFARS is the Defense Federal Acquisition Regulation Supplement, which sets forth the requirements for protecting both the government’s and the contractor’s sensitive information. Basically, any contractor that maintains Controlled Unclassified Information (CUI) has an obligation to secure this information.

This information may be particularly valuable to small manufacturers who seek DoD contracts. The guidelines pertain to both contractors and subcontractors.

Cyber security Requirements

According to the parameters set forth by DFARS, contractors must provide “adequate security” of all CUI. Furthermore, any cyber incidents that occur must be reported quickly, generally within 72 hours.  The DFARS makes clear that a cyber incident doesn’t necessarily mean that the contractor did not provide adequate security, but that the security measures will be assessed. More information can be found here.

The NIST MEP Cybersecurity Self-Assessment Handbook details the ways in which contractors, subcontractors, and supply chains can determine how well they are meeting the needs of DoD contracts’ cyber security requirements for government contracting.

Cyber security Requirements and Government Contracting

Naturally, with the requirements laid out by the DFARS, it makes sense to use the strongest encryption technology available in order to secure information. Trustwire’s encryption is open-sourced, with not deliberate back doors. Furthermore, Trustwire itself does not have access to any of its clients messages, data, or documents, which perfectly aligns with guidelines for handling DoD information.

Implementing Trustwire is simple due to its incredible ease-of-use. This mean less training employees and more getting work done. To learn more about how Trustwire can help your business meet DFARS standards, click here.

Transmission of Security Clearance Documents

In the Greater Capital Region, having a security clearance is a common requirement for employment. Even more, having a security clearance can set an applicant apart from others in the job selection process. Knowing what type of information is requested on a security clearance is important. Similarly, protecting the transmission of this sensitive information is vital. Let’s take a look at what’s involved.

What Type of Information is Requested on a Security Clearance?

National Security positions generally look a few key areas of an applicant’s life. The first is identity and citizenship. You will need to provide your name and any other names you’ve had. You will need to provide information about your citizenship.

While this is pretty straightforward for many applicants, those who are naturalized citizens, hold dual citizenship, or those who are not U.S. citizens will be required to give more information. You will want to share this information securely.

Residence, Employment, and Education

Following your citizenship and identifying information, you will need to provide your residences for the last ten years. Then, you will be required to list your education history. The scope of your education will involve all of the education you have had after your 18^th birthday, unless you need more to provide at least two years of educational history.

Then, you will be required to list your employment history for ten years. You will need to provide the name and contact information for your supervisor at each of the positions you have held. There are options for unemployment, self-employment, and “other” if necessary.

Naturally, you will be required to list any and all involvement you have had with the military, including foreign military service.

The type of information requested on a security clearance involves listing whether or not you were reprimanded, fired, or for what reason you resigned from any of these positions.

Personal, Financial, and Legal History

The next section of your application will involve listing references for people who know you well. You’ll be required to detail your marital history. If you currently reside with a significant other, you will be required to list his or her information.

The form requires that you list family members, foreign contacts, activities, and travel. You will be asked to describe any mental health services you’ve received. Obviously, your criminal record, if any, will need to be disclosed in full detail.

In addition to your legal record, you will be asked to provide information concerning drug and alcohol use. Your financial information, including any bankruptcies or significant debts will need to be listed.

Transmission of Security Clearance Documents

As you can see the type of information requested for a security clearance is extensive. As this is a matter of national security, that makes sense. However, a significant amount of personal information resides on this 100+ page form. If you fill out the file on your own and send it in, you will need a secure means of transfer to protect your sensitive information. You really should not rely on email. 

Trustwire’s secure, end-to-end encryption technology ensures that your document is stored and transmitted safely. Sending such a comprehensive document should be done with the utmost care. Be confident when you click send. Learn more at Trustwire.com. 

Intellectual Property Theft | Is the Cloud Vulnerable?

Being relevant and competitive in a global economy requires innovation. Successful businesses realize that innovation requires collaboration. To that end, cloud-based solutions allow for collaboration on projects despite differences in geographical location. But does using the cloud place your organization at risk for intellectual property theft? Let’s take a look.

What’s at Stake?

Trade secrets, patents, product designs, and ideas in development. Making all of these available across the devices and locations of various employees creates a potentially risky situation. Litigation over patent disputes, for example, can be astronomical.

Cybercrime experts suggest that more than a quarter of hackers seek IP rather than consumer identity or financial information. This means that your organization’s IP is vulnerable.

Intellectual Property Theft and the Cloud

Unfortunately, protecting IP is a bit tricker than preventing typical data breaches. Why? Most typical data breaches come from external sources—hackers seeking your clients’ information, for example. 

However, when the target is IP, according to a study conducted by Verizon, 49% of IP theft was due to either employee misuse or employee (current or former) malicious actors.

Tips to Protect Your Organization

• Remove access to the cloud from former employees.
• Restrict access to information stored in the cloud to each employees specific needs only. Make sure that you can use tiers, and enforce access levels.
• Train your employees to use the cloud responsibly—especially with regard to protecting security.
• Furthermore, encrypt all files. This prevents transmission of sensitive files if devices are lost or stolen.
• Maintain an audit trail within your cloud to monitor patterns of access and to alert security professionals to unauthorized access.
• Use Trustwire.

How Trustwire Protects Your Organization from Intellectual Property Theft

Trustwire uses the strongest open-sourced encryption to secure your files and messages. Furthermore, unlike other cloud-based solutions like Dropbox, Trustwire does not have access to your organization’s messages, files, or data. This further secures your IP.

Trustwire has unparalleled ease of use, meaning that your employees can quickly adjust to working with it. Furthermore, Trustwire is available on any device, anywhere in the world. Click here to earn more about how your business can begin protecting its valuable intellectual property with Trustwire.

Stick to These Best Practices for Client Security

These days keeping your clients’ information confidential is absolutely paramount to remain credible in your industry.

A data breach that leaves your clients vulnerable is almost certain death for the responsible business. Maintain your credibility and protect your clients by following these best practices for security.

1. Keep Your Clients’ Data in One Location.

This means that you shouldn’t keep information about your clients on multiple platforms with varying levels of security.

Store contracts, files, payment info and records, etc., in one location that is protected with robust security. Access to this information should be multi-factor authenticated, password-protected, and cloud-based.

2. Give Access Only as Necessary.

Once client data is stored in one location, enable employees to access only what they need to. In other words, limiting the number of folks who can access files limits their exposure to potential threats.

This type of role-based security also protects employees from altering documents outside their purview.

3. Transition to Electronic Signatures.

Not only will e-signatures be easier to gather than paper ones, they’re more secure. In addition, gaining e-signatures is quicker. Why are they more secure? E-signatures have a digital trail including when and where they were signed.

4. Forgo Email for Data Collection.

Email is the number one method hackers use to access corporate entities. Therefore, do not use email to collect contracts, signatures, or exchange sensitive documents. Use end-to-end encryption methods of securing client data needed for designing or finalizing contracts.

[Related: Email Security: Best Practices for Your Organization]

5. Maintain Rigorous Security Standards.

Security breaches are devastating to a business; therefore, best practices for client security are vital. Make sure any cloud-based storage systems are supported by the strongest possible security.

Furthermore, make sure that you know if your cloud storage and file transfer systems collect data of their own regarding your clients’ information. This is a potential privacy violation. Beyond that, file transfers need to be end-to-end encrypted with the strongest, open-sourced encryption technology.

[Related: The Best Way to Share Files Securely]

Best Practices | Client Security

Trustwire champions the protection of its clients’ privacy and data integrity. This means that your organization can store, share, and communicate without worry.

Trustwire uses the strongest end-to-end encryption available.

Moreover, Trustwire never has access to your data, and never tracks usage, or sells your information. Look to Trustwire to solve your security needs.

Top 5 Email Security Risks in 2019

Once again, we are confronted by a fact: email is not secure. As invaluable as email is, malicious actors look to its weaknesses to take advantage of users, and the threats are growing in sophistication.

According to the Email Security Risk Assessment (ESRA) quarterly report released by email and data security company Mimecast, these are the top # email security risks in 2019.

#1 Spam

While one kind of SPAM may be detrimental to your arteries, the other kind targets your email and attacks your identity and privacy. ESRA looked at some 319,000 email users over the course of a little more than five years.

In this time, they identified more than 26 million spam emails. The report notes that spam is generally just annoying. However, in that larger number of annoying emails, there were many truly damaging and malicious emails. 

#2 Dangerous File Types

The report identified more than 25,000 files that were malicious. It’s important to note that these emails with attachments were approved by organizations’ email security systems. These emails contained attachments that, when opened, install systems detrimental to the user and/or organization. Such files include programs (.exe), source files (.src), and Java service pages (.jsp).

 #3 Malware

Malware is software that gains unauthorized access to a computer and causes that device harm. The ESRA found that over 27,000 emails contained malware. Yet again, these emails made it past the organization’s existing security. Malware has become increasingly sophisticated. Past methods to detect malware are sometimes unable to find this new more targeted and deceptive software.

[Related: Email Security: Best Practices for Your Organization]

#4 Impersonation

Impersonation attacks generally try to buy credibility by assuming the identity of a trusted entity. Name recognition causes users to let down their guard, and the impersonation attack succeeds in its deception. Oftentimes, these emails enlist the user to send sensitive documents, transfer money, or otherwise divulge valuable information. ESRA found over 55,000 of these attacks. These scams have even targeted university students.

#5 Sinister URLs

The report also found more than 460,000 or 1 in 69 emails containing a malicious URL. This leaves organizations and employees vulnerable to malware, spyware, or ransomware. Businesses can hardly be thrilled about assuming this level of risk.

[Related: Is Dropbox Really Secure for Your Business?]

Top 5 Email Security Risks in 2019

In light of the top email security risks in 2019, we hope it has become evident how truly un-secure email is. All of the emails analyzed by in the report were already being screened for malicious activity, yet several millions of malicious emails made their way into employees’ inboxes.

Trustwire’s remarkably simple browser-based platform enables your employees to share documents and messages without compromising your organization’s security. Sign up today if you’re interested in the safest way to transfer files online.

Email Security: Best Practices for Your Organization

From Microsoft to the Democratic National Committee, email security seems to be tenuous, at best. Not only are large-scale organizations vulnerable, but personal email accounts as well.

John Podesta fell prey to a phishing scam in his email, and Colin Powell’s personal opinions became public knowledge after his email was hacked and leaked. 

With email so seemingly open to attack, many wonder what are the best practices for email security for their organizations and personal lives.

Email Is a Target

Many do not consider email as the primary target of hackers looking to access information. Email is the point of entry for something bigger: bank accounts, servers, etc. However, data contained within emails frequently are the target of hackers. 

Think about this: how often does your organization use email to plan or record strategy, culture, and actions? Now, imagine handing this information over to a hacker? 

You wouldn’t do that, yet email susceptible to hacking makes that a very real possibility.

Why Secure Email?

Because email is such a common form of workplace communication, organizations must secure it if they want to secure their data. 

With BYOD becoming more commonplace, and the added issue of IoT, organizations are at a loss to find a simple solution to all their digital security problems.

So, while an organization-owned computer may be secure, an employee’s personal computer may not be. Given how work seems to take place both in and out of the office, secure methods of transferring sensitive files and communications need to be found. 

Historically, the complex nature of email security has muddied the water when it comes to best practices.

Email Security | Best Practices

Strong Security

Email has its advantages for file transfer: it’s portable, easy to use, and ubiquitous. 

Unfortunately, solutions to secure it tend to fail for two reasons: either they’re too difficult to implement or they’re not actually secure. 

Trustwire offers the robust security of AES 256-bit and RSA 4096-bit encryption. We also don’t have the access to or the ability to decrypt the files you send and/or store.

Easy to Use

We wanted to create something that is extremely secure but also easy to use. Our web-based portal keeps things easy. 

Simply create an account, login, and begin sharing files securely. Clients and colleagues do not have to download any apps or programs to access the files.

Use your email, but when the transfer of sensitive or confidential data is required, look to Trustwire.

The Best Secure Dropbox Alternative

It’s become common practice, when we sign up for something, to quickly click that “I agree to the Terms of Service” box.

No doubt the millions of Dropbox users have clicked that little box without thinking of the consequences.

By doing this, you and your organization have agreed to allow Dropbox to access your files, scan, and share them with third parties at their discretion. 

Hardly seems secure, right? Luckily there is a secure Dropbox alternative.

Why Dropbox Can Be Problematic

In its Terms of Service, Dropbox clearly states that:

• They collect data on how you use their service.
• They collect your IP addresses, browser and device information, and the webpage you visit before accessing Dropbox
• And they collect personal data for their “legitimate business needs.”

It’s important to note that Dropbox promises not to sell your data to any third parties. However, its collection suggests that it could be targeted by malicious actors. 

Meaning, if all this valuable information about your usage history and business is stored somewhere, it can become a target for enterprising hackers. 

Clearly there is a need for a secure alternative to Dropbox.

Why Do I Need Secure File Sharing/Storage?

Secure file storage and sharing is important for businesses and individuals. Businesses need to protect customer or client confidentiality and trade secrets and innovations. 

Individuals need to preserve confidential documents online, such as tax returns, pay stubs, health records, and identity records. None of this needs to be vulnerable to malicious people or software.

What to Look for in a Secure Dropbox Alternative

Trustwire provides the ease of use and accessibility of Dropbox but also provides the powerful security you and your organization deserve. 

Let’s take a look at what we offer:

Free

• 2 GB secure storage space for your files
• Exchange up to 100 files per month with other Trustwire users
• True end-to-end encrypted for file exchange and storage
• Strong AES 256-bit and RSA 4096-bit encryption
• Incredibly simple-to-use interface
• Advanced search to find your files quickly
• Manage your contacts
• Upload personal files to your account for backup and safekeeping
• Use tags to easily categorize and identify files
• Invite unlimited friends and family to join Trustwire and starting exchanging files and messages securely

Business

• Everything in offered in Basic
• 2 TB secure storage space for all your files
• Unlimited file exchange per month
• Trustwire SecureLink lets you to receive files from anyone securely with same level of encryption, even if the sender is not a Trustwire user
• Branded site with your logo
• Unlimited email support with guaranteed 24-hours response time

Sign up today to explore how you can securely transfer and store files with Trustwire!

Legal Cybersecurity: A Lawyer’s Obligation

Most of us are familiar with Attorney-Client privilege, or an attorney’s obligation to maintain the privacy of the communications between themselves and clients.

This enables the lawyer to have the full confidence of their client and work to their best advantage. 

Recently, the American Bar Association (ABA) has published guidance on how this obligation to privacy extends to digital data. 

They state that a lawyer has a strong obligation to protect all electronic communications and data exchanged in the attorney-client relationship.

The Risks

Because lawyers often handle confidential client material, this data can be vulnerable to targeting by hackers. Oftentimes attorneys have financial documentation, identity documents, and in some cases health records pertaining to clients.

Furthermore, the ABA urges legal practices to have a plan of action for handling data breaches before they occur. 

While the ABA offers guidance, it does not go so far as to recommend technology to support legal practices, leaving legal cybersecurity at their discretion.

Legal Cybersecurity with Trustwire

Trustwire simplifies the process of protecting client data for attorneys. Clients and attorneys can exchange files and messages with strong end-to-end encryption. 

Furthermore, neither clients nor legal practices will have to bother with downloading software or learning difficult encryption. 

Simply sign up with Trustwire with an existing email address and both attorneys and clients and store and share files securely.

Take a look at some of our features:

· Strong encryption: AES 256-bit and RSA 4096-bit encryption that is open sourced.

· Trust: Our encryption has no built-in backdoors, and we cannot access your files or messages.

· Privacy: Your usage, location, and data are never tracked, sold, or given away.

· Simplicity: User-friendly for even the most technologically-challenged user.

· Accessibility: Attorneys and clients can access the web-based portal from any device and any modern browser.

Find out how your legal practice can benefit from secure communications with Trustwire.

Is Dropbox Really Secure for Your Business?

When it comes to sharing photos from the big family reunion, Dropbox is great. Most people use it at home, so it makes sense that this translates to work. 

In fact, Dropbox Business has more than 300,000 subscribers. Unfortunately, when you look at how their digital security functions, Dropbox appears to be an inadequate solution for secure file transfer. 

In this post, we explore why.

Data Encryption Insufficient

Dropbox stores your confidential files alongside other users’ data. This means your company’s files on new products and financial reports are in the cloud right next to Grandma’s apple pie recipe. 

Business files need to be properly isolated. In the event of a security breach, your data may not be safe.

No Granular Permission Options

In order to facilitate collaboration from employees at multiple locations, files are often uploaded for editing. 

Currently, there are no options to set permissions for certain groups of users, which is another way in which Dropbox is not secure for business. So, your junior employees will be granted access to the same files as C-level executives. 

This doesn’t mean the files under the purview of your junior employees don’t need to be secure, but the lack of granular permissions can be an issue.

No Passwords for Subfolders

Because Dropbox won’t allow you to password protect subfolders, your business may have to restructure its folders. At best, this is a waste of precious time. 

At worst, some employees will be granted access to information they shouldn’t be privy to. Another way in which Dropbox doesn’t meet the needs of businesses.

No Option for Password-Protected Links

Currently Dropbox doesn’t allow you to share a link to a password-protected link. Furthermore, you cannot add password to a file already uploaded to Dropbox. 

Basically, once it’s uploaded, everyone who has access to the Dropbox account can access the file.

No Involvement from Your IT Department

Another reason Dropbox isn’t secure for business is that your IT department doesn’t have access to an audit log—so they cannot know who has accessed your files. Your IT department cannot wipe a device that has been lost or stolen. 

Additionally, IT staff cannot alter who can sync with particular files. This takes a lot of control away from the professionals you employ to monitor your technology.

You Can’t Lock Editing on Files

During the collaboration process, when you come to a stopping point, you need to lock editing. 

If you don’t do that you can waste a lot of time sorting through different versions, trying to find the final product. 

When the final edits have occurred, you need to halt the process, and you can’t do that with Dropbox.

So, Is Dropbox Secure for Business?

Dropbox is a great app for people to use in their personal lives, but it just doesn’t meet our standards for secure file transfers. 

As we discussed, you can see several areas where Dropbox may leave you wanting. 

If your business is looking for a simple, secure file transfer method, go to Trustwire now and sign up today.

3 Secure Communications Tips for Journalists

In a contentious political climate, it becomes increasingly more important for journalists to secure their online communications.

Sources often provide valuable information, and if they are exposed as sources can face personal or career backlash.

In some cases, as with former Senate aide James Wolfe, the source can face criminal charges. Here are three secure communications tips to help journalists.

Tip 1 – Eliminate Metadata of Photos and Documents

First, sending and receiving files securely is the best secure communication tip for journalists. Then, before journalists use documents and photos sent by sources, these files need to have their metadata removed.

A few great tools for this include: Exiftool for documents and mogrify for photos.

Keep in mind that any tracking pixels from Data Leak Protection software needs to be removed in addition to removing the metadata. For PDF files, which are notorious for phishing scams, we recommend PDF-redact-tools.

Tip 2 – Reduce Instant Messaging Issues

While encrypted instant messaging apps may seem secure, they also leave a trail of metadata. So, while the content of the messages may be encrypted, communications between journalists and sources can still be evident.

Messages can be exchanged along with files via web-based Trustwire.

Tip 3 – Document Exchange Security

First, journalists should receive sensitive documents on a secure file sharing platform, such as Trustwire.

This ensures that documents cannot be accessed at any point in transit, nor can they be accessed from storage on Trustwire.

Furthermore, encryption is rock solid, and the platform can be accessed from anywhere. Trustwire does not track usage, IP addresses, or location info, and doesn’t have access to its users’ files or data.

Other options for secure document transfer exist, but sources may not be willing or able to use the technology, rendering it useless.

Then, the file needs to have its metadata scrubbed as well. Use exiftool <filename> on each document. This may involve converting a Word file to a PDF and then using the pdf-redact-tools to be absolutely sure of sanitation.

Secure Communications Tips for Journalists Takeaways

Journalists have an obligation to protect their sources from unwarranted backlash. Beyond that, these secure communications tips can enable journalists to demonstrate a record of integrity.

Removing metadata from images and files can protect sources. More importantly, providing sources with a secure means of transferring sensitive files and exchanging messages is crucial to maintaining privacy.

Trustwire simplifies the former by allowing you to exchange and store files from sources in a secure location.

We provide powerful encryption technology with none of the hassle. Simply sign up for Trustwire and begin sharing files securely.

Trustwire allows you to use end-to-end encryption to send files, and you can send secure messages along with your file. Trustwire will never access your documents or analyze your data for any purpose at all.

Take the guess work out of file sharing, and sign up with Trustwire today.