There are many file transfer solutions out there in the marketplace that say they are secure, but are they? As with so many things in life, the answer is, “It depends.”
There are many great applications that are effective for sharing your personal holiday photos, your family recipes and for transferring your daughter’s massive social studies project from one computer to another. At a consumer level, these are great products. The key words, of course, are “At a consumer level.”
When it comes to business needs, many of these applications will leave you vulnerable. And we all know that vulnerable is a criminal’s favorite word.
Sure, those applications make it easy to share files and collaborate, but consider the risk as a business. Simple file sharing solutions give no visibility to IT administrators, offer limited data encryption and they place a lot of trust in the public cloud.
The considerations for a business are so much more than just function.
Transfer encryption, storage encryption and password protection – these are pretty much the standard in the industry. An important question to ask when choosing a secure file sharing solution then is, “How does this company handle their encryption keys?”
Rotation of encryption keys is a best practice. SendThisFile takes that a step further and uses unique keys for every transfer. That’s right, encryption keys are never re-used. The keys are only valid for the life of the data. In addition to that, SendThisFile doesn’t store encryption keys.
Also consider whether your information itself will be backed-up or stored offsite. Remember that in some file sharing services, even when you “permanently” delete a file, they remain on the host company’s servers. SendThisFile has a deletion process unlike any others. When you delete a file, it is really deleted. And we’ll even do it automatically so that you don’t have to. Make sure the service you’re considering for your business can say the same.
Occasionally, the disk your sensitive information resides on may become unwritable and the files unable to be deleted. When or if this happens, do they just toss it in the dumpster? We follow guidelines published by National Institute of Standards and Technology (NIST) and the Department of Defense (DoD) to destroy the disk.
With SendThisFile, advanced administrator controls give you a high level of visibility. Audit reports of your account allow you to know how many files are being sent, where they are being sent and by whom, tipping you off to any unusual activity in your system. There is also the ability to whitelist or blacklist domains, manage your users logins, and limit where files can be sent.
What additional data loss prevention measures do they take?
A few additional measures to consider are vulnerability scans, penetration testing, and system isolation. Here’s where we stand:
Vulnerability scans and penetration testing – on a regular basis, we proactively look for security vulnerabilities to determine if our system can be exploited or threatened. We are always looking for new ways to keep your data safe and secure.
System isolation – In simple terms, your data is always encrypted in transfer and at rest and the encryption key to unlock that data is actually derived from multiple sources, but never stored. These data sources for the life cycle keys are maintained in a completely separate data center from any files being transferred.
Do they do background checks on their employees?
At SendThisFile we believe in transparency. And for us, that security measure goes all the way to our hiring practices. A bank wouldn’t hire someone with a history of embezzlement or theft. We don’t either. We hold our employees up to the same standards as financial institutions by requiring an OFAC background check. (The US Treasury Department’s Office of Foreign Assets Control)
The standards for your industry
Depending on which industry you call home, there are varying rules that must be followed when it comes to sensitive data. That may include SSAE-16, FIPS 140-2, HIPAA, EU Safe Harbor and the Sarbanes-Oxley Act. We stay current on the latest regulations because our customers deserve it.
Because SendThisFile is a secure file transfer service, using end-to end encryption, not a file storage service, we are able to meet the stringent security needs of some of the most security conscious industries like legal, healthcare, finance, and governmental. So, if you fall into one of these industries or you have customers who do, finding a secure file sharing solution that even a bank would use gives your customers another reason to place their trust in you.
Stop sending files insecurely!
Schedule a demonstration today with Zach Downs, a highly qualified Solution Sales Specialist. He’ll make sure your SendThisFile implementation meets your industry requirements and has room to grow. Call (855) 736-3844.