WARNING: Sending Sensitive Information via Mail, FedEx Is a Security Risk
Last month Lincoln Medical and Mental Health Center of NY suffered an embarrassing data breach after a weekly shipment of compact disks (CDs) went missing while in the custody of FedEx. The CDs were being transported to the hospital from its billing and claims partner, Siemens. More than 130,000 medical records were exposed.
A similar incident occurred at Lampeter Medical Practice in Wales after a USB stick containing 8,000 patients’ medical details was lost in the mail. Two DVDs containing personal information on two Lorillard Tobacco staffers were also lost in transit. The package went missing after being picked up by a major transportation carrier from the offices of the company’s benefits consultant, Towers Watson.
These recent examples can be added to a list of more than 134 data breaches resulting from information being shared through mail services. The list was compiled by the Open Security Foundation's DataLossDB.
Despite the known risks, it is startling to see that a vast number of organizations large and small, and across a broad variety of industries, still believe it is okay to ship, via mail or overnight courier, portable media such as CDs and thumb drives containing confidential information as part of a standard business process. It is not okay.
Simple to use and relatively inexpensive, USB sticks/thumb drives and DVDs/CDs have become frighteningly common vehicles for transferring data in many organizations. However, as seen over and over again in the headlines, these highly portable devices can quickly turn into a security nightmare. While advances have been made to allow encryption of thumb drives, the inability to monitor what information is copied onto devices, and track where the devices go after leaving an enterprise, makes achieving compliance nearly impossible.
Fortunately, significant advances have been made in digital file transfer technology that make sharing information quick and easy, and most importantly, secure. The availability of secure file transfer solutions removes the need to use portable media such as thumb drives, CDs and DVDs for transferring data. At Accellion, we work with corporations around the globe, helping them implement systems to prevent data leakage at the file-transfer source. To avoid exposing an organization to security and compliance risks at the file transfer source, here are some important tips that we recommend companies consider when selecting a digital, enterprise-level secure file transfer solution.
- Pick a business-level solution. There is a difference between corporate and consumer file transfer offerings. If you are an enterprise customer, look for an enterprise file transfer solution. There are distinct differences in the level of security needed for enterprise vs. consumer file transfer, and the different offerings reflect this.
- Outlaw individual personal file transfer accounts. They are non-compliant and put enterprise information at risk for a security breach. For example, individual accounts on solutions such as YouSendIt do not allow corporate visibility into information that is being sent. Information cannot be tracked and there are no audit trails, making it impossible to document conformance with compliance mandates.
- Secure your data. Accept no less than business-level security. Automatic encryption and authentication checkpoints that validate recipients provide an added level of security and help show that confidential information has not been shared and exposed.
- Avoid IT overload. Pick a solution that easily integrates into your existing IT environment and requires minimal IT administration. Look for an “install and forget it” solution with no file size limitations: one that doesn’t require constant IT support for account creation and administration, and doesn’t create IT support headaches such as decryption software or security keys required for every recipient. Those headaches are a perfect example of why FTP and SFTP are not the answer.
- Make it easy. It is best if secure file transfer is integrated directly into email applications, online chat, web conferencing software and/or standard Web interfaces. If a solution is not easy to use, users will find alternative means for sending files, often inadvertently creating data security loopholes.
Given the increase in data breaches associated with sending information via mail and FedEx, it is important that organizations understand the benefits associated with deploying an enterprise-level managed file transfer solution.
—
About Yorgen Edholm
Yorgen Edholm is a Silicon Valley veteran with 25 years of enterprise software expertise. Edholm co-founded Brio Technology and, during 12 years as CEO, took the company public and grew it to $150 million in revenues with over 700 employees and a customer base of over 5,000 organizations. In addition, Edholm was President and CEO of DecisionPoint Applications, an analytical applications company. Edholm has served on several public and private company boards including, most recently, Hyperion (sold to Oracle), I-many, Resilience, Verix and Saama.
