Earlier this month, independent news platform Patch reported that Neiman Marcus, a department store chain in the US, has finally agreed to a settlement for their 2014 data breach. They’ll need to “pay $1.5 million and adopt measures to prevent hacks,” measures that include the encryption of card data, the use of “industry-accepted payment security technologies,” and the auditing and reporting of activity.
The original breach compromised over a quarter million customer credit or debit cards.
While the Neiman Marcus data breach happened years ago, their failure to keep data safe from hackers and malware has done lasting harm to users (almost 10,000 cards were used after being stolen). And while data breach fines are often monetary, the request that Neiman Marcus fix the problems that led to their breach shows a valuable shift in breach prevention: it’s no longer enough to pay the fines. Poor cybersecurity strategies must also be improved to safeguard sensitive files in transit and at rest.
Modern cyber incidents prove, again and again, that cybersecurity strategies and policies in industries like retail, healthcare, and even the public sector are not making progress fast enough. The threats and pitfalls organizations faced in the early 2010s are the same issues we’re facing in 2019: issues like malware, unencrypted data, spear phishing scams, and weak passwords.
Forbes reports that companies expect to “spend $93 billion” collectively on information security this year. “They keep pouring tons of money into protecting the network,” the author states, but “the real crown jewels … are in the data that sits behind the network walls. That data is often not protected.” That means there’s an increased interest in good cybersecurity practices, but organizations aren’t spreading that interest equally between their internal and external networks.
It’s not enough to lock the door. An organization’s crown jewels should also be kept in a vault. This ensures that even if someone gets inside, they won’t be able to heist their actual target.
In this case, the jewels are valuable customer information. The vault is encryption. And the security guard that puts the jewels in the vault is a type of cybersecurity solution called managed file transfer.
For a strategy that protects sensitive data and file transfers both in transit and at rest, we recommend using managed file transfer (MFT). MFT solutions already have a foundation that, at minimum, keeps data secure and compliant with data security standards across the US and Europe. These standards include HIPAA, HITECH, PCI DSS, SOX, and the GDPR.
At its core, MFT is a type of solution organizations can use to meet their inbound and outbound file transfer needs. It uses industry-standard file transfer protocols (like SFTP, FTPS, and AS2) to send files securely and encryption standards (like OpenPGP and AES) to protect data in transit and at rest.
The “managed” in managed file transfer refers to how the software automates and streamlines the exchange of data for you, thus reducing manual processes and eliminating the need for any legacy tools and scripts you might have. Data (including documents, images, videos, and other files) can also be exchanged via MFT across your private networks, systems, applications, partners, and cloud environments from a single point of administration.
To learn more about MFT and how it differs from other file sharing tools, read this article.
MFT software isn’t just for sending files between users and systems. It comes with many features and modules that can be used to automate processes, ensure secure connections, track file transfer activity, and more.
Here are a few key features available in most MFT solutions that can help you prevent a data breach:
Unfortunately, most organizations suffer a data breach because their internal files and data are not encrypted. The recent Marriott breach, for example, exposed over 5 million unencrypted passport numbers. Other breaches happen because of how files are shared. An email that contains an unencrypted file, for example, could cause a breach.
MFT solutions use integrated encryption technologies like OpenPGP, SSL, SSH, and AES to secure sensitive data. Most also include a key manager that allows you to create, import, export, and manage your keys and certificates within the product.
User errors and manual processes can also cause data breaches. When the encryption and exchange of sensitive files are automated, processes and workflows run without user intervention. This is especially useful when dealing with a high volume of file transfers. With automation, files will get where they need to go (whether it’s trading partners, remote locations, or even the cloud), and every file will be encrypted out of the gate.
Note: Wondering about ad-hoc file transfers? Some solutions, like GoAnywhere MFT, also offer a secure email module that allows users to send one-off file transfers through a secure HTTPS connection. So while an ad-hoc file transfer is not automated, it’s still secure.
Managed file transfer solutions support auditing and reporting for compliance needs. All file transfer and administrator activity is stored and easily searchable. For organizations that need to report on file transfer activity to remain compliant with regulations and laws, the audit logs can be generated and distributed as PDF reports. This can be scheduled on whatever basis is required by your company’s leadership or business partners.
These managed file transfer features can help you protect your files—and there are many more to learn about. For further information on using MFT as a cybersecurity strategy for data breach prevention, check out our guide: Developing the Right Strategy for Data Encryption.
There are five steps we recommend taking to get started on incorporating managed file transfer into your cybersecurity strategy:
A data breach isn’t written in stone for your organization. Don’t become the next statistic. Make 2019 the year you add managed file transfer to your cybersecurity strategies!