GDPR got everyone thinking about data security. The prospect of being slapped with a €20 million fine is enough to make even big businesses question their digital security. Keeping your files and digital data secure is a real challenge, given the sheer complexity of the process and the amount of risk factors and other variables. For many businesses, the key to true security is not only improving data protection procedures, but also eliminating practices that produce unnecessary risk.
In 2018, data must be shared. It’s an important part of any internal and external operation. Successful protection of shared digital data requires secure communication channels, but many businesses are still using archaic or under-optimised platforms.
Over half of UK businesses are affected by hacking every year, through either direct attacks or connections to businesses that have been attacked. With so many brands under attack, your business may also be a target. In this cynical world of dodgy digital security and potential fines reaching into the millions, how can you make sure your organisation is sharing data securely?
Kill the Fax Machine, But Not the Fax
Nearly 50 million fax machines are currently active around the world, pumping out billions of faxes a year. The fax as a data sharing format remains a necessity for a number of reasons. Primarily, businesses still use it for sending contracts and other documentation that require signatures or have legal implications. In industries where documentation is vital, such as legal, pharma and healthcare, government and public services, etc., the transmission of legally binding files is critical — it’s also critical that documents are sent quickly and efficiently, hence the use of instant transmission through fax.
However, fax machines have risks associated with them, which include:
- The Fat Finger Problem
Faxes work through assigned numbers, much in the same way as telephones. As we’ve all experienced, there is the hazard of dialling a wrong number. Submit an important file through fax, but accidentally type ‘8’ instead of ‘9’, and you could send documentation to the wrong place entirely. This is not only a major concern for issues such as business and customer confidentiality, but may also place you in direct contravention of GDPR compliance.
- Accessibility of Files
If you send a file through a fax machine, it may come through to a device in an office space that is openly accessible. Your confidential data has just been transmitted and now resides in a tray beside the machine where, realistically, anyone could access it. This presents a real situation where unauthorised individuals could view sensitive and important information, another potential GDPR compliance breach and a risk for leaks or the manipulation of legal documentation.
Fax files enjoy some protection that emails don’t. In order to hack a fax, you need to be monitoring the unique fax line that is being used at the exact time the document is sent. However, if that line is being monitored, and the fax is intercepted, the file has no encryption. This means hackers can easily access and view it. In the modern era, encryption is essential for secure file transmission, and something the fax machine is just not capable of providing.
It’s clear that fax machines present problems, but faxing is essential for document sharing in many industries. This puts businesses in a difficult situation. However, there is an answer. Online faxing, otherwise known as cloud-faxing, is the 21-century solution to an archaic problem. Online faxing enables businesses to send and receive faxes through digital platforms rather than using fax machines. Using specifically-designed software, organisations can create legally-binding signatures using touchscreen technology, improve security by controlling access to documentation via logins and data encryption, and avoid the potential risk of sending files to the wrong recipients by transmitting them through premade contact databases.
Be Cautious of Emails
Many businesses rely on emails as their primary source of digital file transfer. Globally, we send nearly 300 billion per day. A staple of communication for over a decade now, the humble email is easy, quick and used universally. Sending anything from a document to an invoice is generally done over email — it’s just the standard.
But emails have vulnerabilities. You only have to look into very recent history to witness some pretty staggering, and costly, email hacks:
- Sony Email Leaks
- The HBO Hack
- Yahoo Announces 1 Billion Accounts Breached
- The Hillary Clinton Scandal
These are high-profile examples, but, on the small-scale, danger is still very much present. One in five UK firms will be the victims of hacking attempts this year, with many targeting emails as a way of harvesting data or gaining access to deeper systems.The problem with emails is in their very nature. They are popular, they are accessible and they are owned by everyone. It doesn’t take a lot to become complacent with passwords. More often than not though, email security comes down to the service provider. Certain options carry more risk than others. The use of free platforms, like Gmail, Yahoo and Microsoft and so on, present dangers because of their popularity. Hackers know the work-arounds, bugs, weaknesses and phishing tactics. In response, many businesses opt to manage their own email servers, but as breaches in recent years have proven, these servers often don’t have extensive enough security protocol to repel attacks. So where is the line?
Businesses looking to secure their email transmissions and should look to alternative providers, those that offer high-level encryption and security while still being on a small enough scale not to be easily targeted like the giants of email. Services like ProtonMail and MailFence offer highly-secure alternatives to standard services. Of course, for businesses this will require financial investment, but it’s an investment worth making to secure data transmission.
Forget about USBs and Portable Hard Drives
In the world of data sharing and, by extension, data theft, physical platforms are a huge risk. The issue here comes down to nothing other than human error, an unfortunate, but influential, factor in terms of keeping data safe. Putting files on USBs and portable hard drives for the purpose of sharing leaves you with an ever-mounting series of problems:
Series One: The Office
Security troubles begin in the office. Like faxes, USBs and hard drives can be left out on the side. Easy to access and easy to view or manipulate, they can also be misplaced, damaged or removed by authorised personnel.
Series Two: In the Field
We’ve all heard of high-profile cases, including the security documents pertaining to terrorism left on a train and files being left in a police car that was then stolen. Leaving a bag behind with a drive within it storing sensitive files can be a devastating blow to a company and result in legal action, but it’s all too easily done.
Series Three: External Locations
Once you hand over a physical platform containing your data to another party, say a partner business, you give them control over information that is your responsibility to protect. They may lose it, damage it or even accidentally leak it, but you will suffer the consequences of their mistake.
Complacency is the biggest concern in the physical movement of files. However, training can only go so far and mistakes can be, and often are, made. Given all that can go wrong, the use of hard-copied data should be avoided by businesses, in favour of digital file transfers.