Is There a Safe Way to Transmit HR Documents Online?

HR documents are a treasure trove of personal information. As of July 2019, over 4 billion sensitive pieces of data have been breached. That being said, is there ever a safe way to transmit HR documents online? We think so, and we’ll tell you why.

The Problem

The methods we use to transfer secure documents are just not robust enough to weather sophisticated security breaches. We’ve blogged a lot about how email is an extremely vulnerable method of file transfer and storage. So, that’s no way to transmit an HR document.

Similarly, encrypted email falls short a lot of the time as well. While your end may encrypt the email before it’s sent and transmit it encrypted, your recipient may not have the same concerns. Thus, your transmission is potentially open to being compromised.

Is It Safe to Fax to Transmit HR Documents Online?

Well, in a couple of words, probably not. Fax machines are susceptible to human error—dialing the wrong number, it’s an image document, and it may be viewable at the receiving site by anyone. Online Fax or Cloud-Based Fax is generally considered much more secure than traditional faxing.

In-Person Delivery

When it comes to secure file transfer, it’s really difficult to find a method more secure than this one. However, for obvious reasons, this isn’t always possible. When you don’t work on-location, it’s essential to send HR documents online.

Trustwire: A Secure Online Solution

If you need to transmit HR documents online in a safe way, consider Trustwire. New employees can easily create an account to send documents to HR departments. All documents are end-to-end encrypted.

Furthermore, Trustwire’s ease of use is unparalleled. This means that what it costs to keep your employees up to speed on how to use the platform is virtually free and intuitive.

Is There a Safe Way to Transmit Documents Online?

Yes. Put your confidence in a service that is committed to maintaining its clients’ privacy above all else. Learn more by visiting our website.

Government Contract and Cyber Security Requirements

All government contracting companies must meet certain Department of Defense (DoD) standards in order to maintain their contracts, especially with regard to cyber security requirements. In this post, we look at how your business is required to comply.

What is DFARS?

DFARS is the Defense Federal Acquisition Regulation Supplement, which sets forth the requirements for protecting both the government’s and the contractor’s sensitive information. Basically, any contractor that maintains Controlled Unclassified Information (CUI) has an obligation to secure this information.

This information may be particularly valuable to small manufacturers who seek DoD contracts. The guidelines pertain to both contractors and subcontractors.

Cyber security Requirements

According to the parameters set forth by DFARS, contractors must provide “adequate security” of all CUI. Furthermore, any cyber incidents that occur must be reported quickly, generally within 72 hours.  The DFARS makes clear that a cyber incident doesn’t necessarily mean that the contractor did not provide adequate security, but that the security measures will be assessed. More information can be found here.

The NIST MEP Cybersecurity Self-Assessment Handbook details the ways in which contractors, subcontractors, and supply chains can determine how well they are meeting the needs of DoD contracts’ cyber security requirements for government contracting.

Cyber security Requirements and Government Contracting

Naturally, with the requirements laid out by the DFARS, it makes sense to use the strongest encryption technology available in order to secure information. Trustwire’s encryption is open-sourced, with not deliberate back doors. Furthermore, Trustwire itself does not have access to any of its clients messages, data, or documents, which perfectly aligns with guidelines for handling DoD information.

Implementing Trustwire is simple due to its incredible ease-of-use. This mean less training employees and more getting work done. To learn more about how Trustwire can help your business meet DFARS standards, click here.

Public WiFi and Email Security | Is It Ever Safe?

Back in the days of AOL-dominated email, security wasn’t a huge issue. People used their email at home to communicate with friends and family. Wifi wasn’t a thing, so email security wasn’t a pressing concern. That’s no longer the case.

We use our email for work, shopping, sending confidential documents to lawyers, doctors, and other professionals. Our credit card information and other financial information lives in our email accounts. 

So how secure public wifi for our vital email security?

The Stakes of Email Security

Basically, if a hacker gets into your email, he has found a gold mine. When you connect to a WiFi network, your data is stored on the router for that network.

Using public wifi increases your susceptibility to this type of cybercrime because a hacker can set up a network in a public location, thereby gaining access to your data. This includes your email username and password.

How Can You Protect Yourself?

It’s an almost impossible job to refuse to ever link up to a public WiFi network. We take our jobs with us everywhere. We store important documents in our email that we need to reference when we are on the go. So, how do we protect our email?

Two-Factor Authentication

If your email allows you to require two-factor authentication, use that. This requires a notification to be sent another one of your devices, such as a cell phone, before a new sign-in attempt is allowed. Chances are the hacker won’t have access to both devices.

The Official Network

You can ask the establishment for the name of their network to help authenticate which network you are actually using. This isn’t a sure-fire way to protect yourself, but it’s one step in the right direction.

Trustwire: Always Safe

If you find yourself away from your secure home network, and you need to send or access files, look to Trustwire as a way to do this without compromising your email security. Trustwire functions kind of like email, in that you can access it from anywhere. What’s more, it’s easy to use.

Trustwire is different from email in that it uses the strongest form of encryption to protect your data, no matter where you access our web-based portal. Send your documents from the local coffee shop using Trustwire and be assured that even the most savvy hackers cannot access it. Problem solved. Click here to learn more.

Avoiding Cyber-Espionage in China and Hong Kong for Business Travelers

As China is the US’s second largest partner in trade, business travel to China and Hong Kong is essential. But should you be packing your laptop and smart devices? We’ll show you why avoiding cyber-espionage is essential for the business traveler.

Business Travel

Partnerships with Chinese companies remain lucrative and fruitful. Yet, many fear that traveling on business can leave their data subject to surveillance by the Chinese government. There is some evidence that Chinese custom officials were installing spyware on devices.

[Related: Stick to These Best Practices for Client Security]

China: A Surveillance State

For years, the Chinese government has been tracking its citizens: their travels, their credit, and their activity. This is daily life for Chinese citizens; however, this type of surveillance is highly suspect to Americans.

Unfortunately, many nations choose to spy on citizens of other nations as they travel. Much of the time this is for national security purposes. Yet, visitors tracked in China tend to be those who have important corporate ties—pointing to an economic incentive at hand.

[Related: WhatsApp Spyware and The Importance of Encryption for Human Rights Activists and Lawyers]

Corporate Espionage: Part of the Game?

While Chinese officials insist that corporate espionage takes place in many countries, yet the US government has publicized many recent cases of corporate espionage.

Avoiding Cyber-Espionage in China and Hong Kong

Here are some tips to take to avoid being subject to cyber-espionage while traveling on business to China or Hong Kong:

• Do not take un-needed electronics with sensitive data
• Consider using temporary laptops that have been cleared of sensitive data; ditto for cell phones
• Use thumb-drives for sensitive data, and open files on offline computers only
• In order to access files online, use a service like Trustwire, which is end-to-end encrypted and can be used on any computer.
• Keep in mind that all networks are owned and monitored by the Chinese government.
• Change passwords often.
• Back up your information.
• Do not accept thumb drives or other electronic devices as gifts.
• Remove cell phone batteries to limit tracking.

Depending on how sensitive your data can be, all these tips may not be necessary. Storing and transferring files on Trustwire is an easy and portable way to ensure the security of your business documents. Click here to find out more.

Business Travel Abroad | Protecting Secure Documents

One of the best things about our interconnected world is that we can often work from anywhere. This allows us the freedom to explore while managing to make a living. However, the need to protect secure documents when engaging in business travel abroad is a real need. We’ll outline the practices you should follow.

Business Travel & Cyber Security

The thing is, when you travel abroad for business or leisure, your sensitive data is up for grabs. Whether from foreign governments, corporate entities, or private illegal hackers, your email, documents, and data represent valuable capital for others.

So how is protecting secure documents possible when you have business travel abroad?

[Related: Top 5 Email Security Risks in 2019]

Consider a Password Manager

Companies like LastPass and 1Password allow you to manage your passwords in a way that makes them far less vulnerable to malicious actors. Both of these services are available at a low cost.

Also, when it comes to the security of your personal bank data, it’s worth asking your bank what they offer. Banks often have security measures available that aren’t well known to even their own customers.

Back Up Your Secure Documents

Backing up your secure documents is important so that a stolen device doesn’t mean that you’ve lost things permanently. Store this back up in a separate location that is also secure. Consider a physical drive, as well as an online back up.

[Related: Is Gmail Really Confidential?]

Trustwire offers cloud storage that boasts incredibly strong encryption to keep your documents safe from those with malicious intent. Furthermore, should your laptop go missing abroad, you can access 

Trustwire from any computer without worrying about it being compromised.

Protecting Secure Documents During Business Travel Abroad

Trustwire can be one of the components of cyber security for smart business professionals. Trustwire enables you to securely store and send documents regardless of your location or the device from which you access it. To learn more about our business or personal plans, click here.

Is Gmail Really Confidential?

Seemingly a lot of changes are in the works with Google’s email systems. Recently, Google made a confidential mode available (beta) to its G suite customers.

The update promises to provide confidentiality via emails that can be sent in confidential mode and data exchange that is similarly private.

However, you may be wondering how confidential is Gmail in light of this update?

[Related: The Best Encrypted Email for Your Business]

What Is “Confidential Mode”?

Confidential mode employs IFM (information management controls) that gives users the ability to control certain aspects of their emails. For instance, they can set expiration dates, predetermine the ability for recipients to copy, print, or download an email, and revoke sent emails.

Users interested in an added layer security can opt to require a text-message based two-factor identification process as well. This aims to protect the contents of an email in case of an account’s potential security breach.

For stored files and archiving, there’s Google Vault. From Google Drive, Jamboard files can be archived and searched. Furthermore, data can be retained and exported.

How Secure is Gmail Confidential Mode?

First, it must be noted that confidential mode must be manually enabled. Secondly, recipients are able to copy and paste text once they have accessed it. There is no protection from screenshots.

Their promise of security further breaks down with regard to recipients external to Gmail—a confidential email now exists outside of gmail’s “secure” server.



Perhaps most importantly, Gmail offers no promise to bar its own access to your files. How do we know this?

Because confidential mode does not encrypt the confidential emails. This means that Google can retain your message data indefinitely and analyze its contents.

[Related: Email Security: Best Practices for Your Organization]

Why Trustwire Is a Better Alternative to Gmail Confidential Mode

Traditional super-strong encryption, such as PGP, requires the user to be knowledgeable about cryptography. Why should your everyday user learn cryptography simply to be able to share documents safely?

 On the other hand, solutions that are seemingly secure, like Gmail’s confidential setting are too weak to provide true data security. This leaves the problem of data security either too hard to use or too weak to matter.

Enter Trustwire. Trustwire is a secure, browser-based file transfer service. Simply sign up for a free personal account, or our low-cost business plan, and begin sharing files.  Trustwire has a simple user interface, yet we use the strongest open-sourced encryption available—AES 256-bit and RSA 4096-bit encryption (end-to-end) to protect your messages and documents.

Unlike Gmail, Trustwire never has access to the content of your messages or your documents. We do not analyze or track your usage or browser history. Trustwire is a simple solution to a difficult problem. Sign up today to begin sharing data with confidence.

Cybercrime and Protecting Small Businesses

Some security experts predict that cybercrime profit will exceed 6 trillion dollars annually by 2021. Surprisingly, small businesses will be the primary target.

So, how can the difficult job of protecting small businesses from cybercrime be accomplished? Let’s take a look.

What Makes Small Businesses So Vulnerable?

Small and medium-sized businesses (SMBs) are more susceptible to cybercrime attacks because they simply do not make use of the strength of security they need.

Sometimes resources are thin and a cheaper alternative seems appealing or adequate.

By the same token, SMBs generally don’t have a dedicated security expert that can adapt technology to threats that are constantly evolving.

[Related: The Best Encrypted Email for Your Business]

Your Employees Are Your Biggest Threat

That’s right. Not that you have unintentionally hired some bad actors, but employees commonly inadvertently compromise security.

From clicking on compromised emails, falling for impersonation scams, or sending a sensitive file in a less than secure manner—employees create vulnerabilities.

The best way to neutralize these unintentional security threats is to train your employees to recognize them. 

Even better, employees should know to alert your security expert to potential threats.

Another tactic is requiring employees to use secure means of file transfer and online-collaboration.

Hand in hand with this, limit the access employees have to certain data. The fewer people who have access to sensitive information, the better.

[Related: Is Dropbox Really Secure for Your Business?]

Wholesale Changes that Work

First, get a VPN to protect your servers when employees access them remotely. The ways in which your employees access your servers when out of the office often compromise the security of the whole system.

Therefore, using a VPN and multi-factor authentication can ramp up your defenses.

Second, encrypt any mobile devices that store your organization’s data.

Laptops can be a giant security risk—a stolen laptop can either big a huge problem, or if encrypted, simply a matter of being replaced. A compromised mobile device can be an easy target for cybercrime.

Best Practices for Protecting Small Businesses from Cybercrime

1. Train employees to recognize potential scams, alert security team members to possible threats, how to execute policies regarding cybersecurity, and conduct themselves safely online, including by using strong password techniques. They should also know what to do if something goes wrong.
2. Have your security team keep tabs on your network for potential weakness, patterns of access, and any suspicious irregularities.
3. Create security policies that are strictly enforced. These policies need to both protect your clients and your business. Moreover, they should comply with any regulatory requirements, if not exceed them. Whatever your industry is, make sure that you are not skimping on any security for your clients/customers.
4. Limit access and enforce perimeters. Each employee should have only the access required of their job.  All traffic on your network needs to be screened for viruses and other malicious content.

Running an SMB can be extremely rewarding. Protect your livelihood by taking reasonable and required measures to prevent cybercriminals from ruining your hard work.

Preventing cybercrime and protecting small businesses is one of the most important goals of Trustwire. Enable your employees to communicate, transfer, and store documents safely today.

Top 5 Email Security Risks in 2019

Once again, we are confronted by a fact: email is not secure. As invaluable as email is, malicious actors look to its weaknesses to take advantage of users, and the threats are growing in sophistication.

According to the Email Security Risk Assessment (ESRA) quarterly report released by email and data security company Mimecast, these are the top # email security risks in 2019.

#1 Spam

While one kind of SPAM may be detrimental to your arteries, the other kind targets your email and attacks your identity and privacy. ESRA looked at some 319,000 email users over the course of a little more than five years.

In this time, they identified more than 26 million spam emails. The report notes that spam is generally just annoying. However, in that larger number of annoying emails, there were many truly damaging and malicious emails. 

#2 Dangerous File Types

The report identified more than 25,000 files that were malicious. It’s important to note that these emails with attachments were approved by organizations’ email security systems. These emails contained attachments that, when opened, install systems detrimental to the user and/or organization. Such files include programs (.exe), source files (.src), and Java service pages (.jsp).

 #3 Malware

Malware is software that gains unauthorized access to a computer and causes that device harm. The ESRA found that over 27,000 emails contained malware. Yet again, these emails made it past the organization’s existing security. Malware has become increasingly sophisticated. Past methods to detect malware are sometimes unable to find this new more targeted and deceptive software.

[Related: Email Security: Best Practices for Your Organization]

#4 Impersonation

Impersonation attacks generally try to buy credibility by assuming the identity of a trusted entity. Name recognition causes users to let down their guard, and the impersonation attack succeeds in its deception. Oftentimes, these emails enlist the user to send sensitive documents, transfer money, or otherwise divulge valuable information. ESRA found over 55,000 of these attacks. These scams have even targeted university students.

#5 Sinister URLs

The report also found more than 460,000 or 1 in 69 emails containing a malicious URL. This leaves organizations and employees vulnerable to malware, spyware, or ransomware. Businesses can hardly be thrilled about assuming this level of risk.

[Related: Is Dropbox Really Secure for Your Business?]

Top 5 Email Security Risks in 2019

In light of the top email security risks in 2019, we hope it has become evident how truly un-secure email is. All of the emails analyzed by in the report were already being screened for malicious activity, yet several millions of malicious emails made their way into employees’ inboxes.

Trustwire’s remarkably simple browser-based platform enables your employees to share documents and messages without compromising your organization’s security. Sign up today if you’re interested in the safest way to transfer files online.

Email Security: Best Practices for Your Organization

From Microsoft to the Democratic National Committee, email security seems to be tenuous, at best. Not only are large-scale organizations vulnerable, but personal email accounts as well.

John Podesta fell prey to a phishing scam in his email, and Colin Powell’s personal opinions became public knowledge after his email was hacked and leaked. 

With email so seemingly open to attack, many wonder what are the best practices for email security for their organizations and personal lives.

Email Is a Target

Many do not consider email as the primary target of hackers looking to access information. Email is the point of entry for something bigger: bank accounts, servers, etc. However, data contained within emails frequently are the target of hackers. 

Think about this: how often does your organization use email to plan or record strategy, culture, and actions? Now, imagine handing this information over to a hacker? 

You wouldn’t do that, yet email susceptible to hacking makes that a very real possibility.

Why Secure Email?

Because email is such a common form of workplace communication, organizations must secure it if they want to secure their data. 

With BYOD becoming more commonplace, and the added issue of IoT, organizations are at a loss to find a simple solution to all their digital security problems.

So, while an organization-owned computer may be secure, an employee’s personal computer may not be. Given how work seems to take place both in and out of the office, secure methods of transferring sensitive files and communications need to be found. 

Historically, the complex nature of email security has muddied the water when it comes to best practices.

Email Security | Best Practices

Strong Security

Email has its advantages for file transfer: it’s portable, easy to use, and ubiquitous. 

Unfortunately, solutions to secure it tend to fail for two reasons: either they’re too difficult to implement or they’re not actually secure. 

Trustwire offers the robust security of AES 256-bit and RSA 4096-bit encryption. We also don’t have the access to or the ability to decrypt the files you send and/or store.

Easy to Use

We wanted to create something that is extremely secure but also easy to use. Our web-based portal keeps things easy. 

Simply create an account, login, and begin sharing files securely. Clients and colleagues do not have to download any apps or programs to access the files.

Use your email, but when the transfer of sensitive or confidential data is required, look to Trustwire.