Safe information transfer is a must for modern organisations, but not all secure data transmission methods are equal. Here we explore the options available to you.
A significant issue facing businesses is implementing secure data transmission methods when sending and receiving confidential, sensitive or proprietary information.
Certain sectors must comply with regulations that require businesses to transmit data securely. For example, health-based organisations must comply with the requirements of HIPAA. However, all businesses must consider secure transmission methods. This will help prevent data theft and the loss of sensitive data or intellectual property.
The most obvious solution is, of course, encryption. There are various ways to transmit data, be it in the form of email, file shares, dedicated software or services such as VPNs, or external media such as USB drives.
IT teams must be aware of the type of encryption in use.
Let’s talk about Encryption
The most basic form of encryption for data in transit is TLS. This is used in web-based email services and other website services. The sending and receiving servers must be configured correctly for this to work. Only the data in transit is encrypted; the message itself is not.
The strongest encryption algorithm currently available is the Advanced Encryption Standard (AES) 256. AES is the accepted standard based on NIST guidelines. It can be used in 128, 192 and 256 bit variants. If your business is more concerned with encryption speed and resource use, AES-128 or AES-192 can be used. Organisations with the most sensitive data to protect should opt for AES-256.
When considering encrypted email, options include public key infrastructure (PKI) and Secure/Multipurpose Internet Mail Extensions (S/MIME). PKI requires an exchange of keys used to unlock encrypted messages, and this process has been simplified with Outlook/Active Directory and G Suite Enterprise, all of which will automatically store and exchange digital IDs or certificates purchased from a certifying authority to enable encryption.
Even so, the process of sending encrypted emails can be tricky. The rules of G Suite must be set properly for this to work. Similarly, Outlook users can enable S/MIME encryption certificates and digital ID certificates manually. However, a more automated approach would require a Microsoft 365 subscription. You could then use Microsoft 365 Message Encryption to send encrypted emails to both Outlook and non-Outlook addresses.
Email encryption is difficult to implement. Software and services are available to help with secure data transmission. Cloud storage services, like Box, OneDrive and G Suite, will encrypt data at rest and data in transit, but the service provider still holds the encryption keys. This leaves the data at risk from insider threats at those companies.
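As an added illustration (not part of the original article), the Python sketch below shows a mail client that refuses to send when the receiving server cannot offer a verified TLS link, instead of silently falling back to cleartext. The function names, the `mail.example.test` host and the sample EHLO replies are assumptions constructed for this example.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from a real server).
EHLO_WITH_TLS = "250-mail.example.test\n250-SIZE 35882577\n250-STARTTLS\n250 8BITMIME"
EHLO_WITHOUT_TLS = "250-mail.example.test\n250-SIZE 35882577\n250 8BITMIME"


def strict_tls_context() -> ssl.SSLContext:
    """Client context that validates the server certificate and hostname."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # reject older protocol versions
    return ctx


def starttls_offered(ehlo_reply: str) -> bool:
    """Audit helper: does a recorded EHLO reply advertise STARTTLS?"""
    for line in ehlo_reply.splitlines():
        code, sep, rest = line[:3], line[3:4], line[4:]
        # Reply lines look like "250-KEYWORD params" or "250 KEYWORD params".
        if code == "250" and sep in ("-", " ") and rest.upper().split()[:1] == ["STARTTLS"]:
            return True
    return False


def send_tls_only(host: str, port: int, sender: str, recipient: str, message: str) -> None:
    """Send one message, failing closed if the link cannot be encrypted."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            # Opportunistic clients carry on in cleartext here; this one stops.
            raise RuntimeError("server does not offer STARTTLS, refusing to send")
        smtp.starttls(context=strict_tls_context())  # raises on a bad certificate
        smtp.ehlo()  # re-read capabilities over the encrypted channel
        # TLS covers the hop only: the message body is still readable on the
        # mail servers at either end unless it is encrypted separately.
        smtp.sendmail(sender, recipient, message)


if __name__ == "__main__":
    print(starttls_offered(EHLO_WITH_TLS), starttls_offered(EHLO_WITHOUT_TLS))
```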
The most secure option is end-to-end encryption (E2EE), where even the service provider cannot decrypt data shared through it.
For smaller organisations, an E2EE messaging service, like Signal or Wickr, may be sufficient. But for larger organisations and those needing to meet regulatory compliance mandates, a managed file transfer service might be the better option.
Remote users present an additional security risk because they are often communicating between their home and an organisation. This means they not only need to be aware of secure data transmission requirements, but also other infosec risks associated with remote access to confidential information.
To secure communication with remote users, one option is to install a VPN on employee devices. The VPN will encrypt all the data sent between its users. An emerging option for remote workers who need access to cloud services is Secure Access Service Edge, or SASE. When deployed, this uses a combination of technologies, including software-defined WAN, secure web gateways, cloud access security brokers and zero-trust network access. Consequently, this ensures secure connections to cloud services.
Physical devices are not good options with which to transmit data securely. Encryption can help protect data on a laptop or other portable devices. Additionally, it is not uncommon for organisations to ban the use of USB drives or other removable storage technology. This is because of malware infection and data theft risks.
As employees work remotely more often, another threat to sending data securely becomes the wireless networks they connect to. Unsecured wireless networks are significant points of vulnerability and open up organisations to threats. Employees should only connect to known, trusted networks and those secured with passwords.