» 

Blog

USPS Eliminates FTP, Requires Secure File Transfers via SFTP, AS2 or PDX

Early this year, the United States Postal Service (USPS) announced the elimination of FTP (File Transfer Protocol) from their business practices and policies—a change that strengthens the security of their data transmissions and addresses recent audit findings.

What does this mean for you? The change is still in transition for now, but after August 31, 2017, mailers and shippers will need to send data to the USPS using one of the following secure communication methods: PDX (Parcel Data Exchange), SFTP (Secure File Transfer Protocol), or AS2 (Applicability Statement 2). This applies to SSF, EMM, BPOD, DEXTRO, and ERR files.

Any of these approved methods will work. The USPS lists PDX as preferred, allowing business customers and third-party vendors to use PDX through their web application. But for those who can’t or don’t want to switch to PDX, SFTP or AS2 are just as secure, cost-friendly, and easy to implement.

Are you in the market for a solution that supports SFTP and AS2 protocols? GoAnywhere MFT offers both of these in a managed file transfer solution that’s affordable and intuitive. Connect to Secure FTP servers (including SFTP, FTPS, and SCP) for protected communication, or send AS2 messages with multiple file attachments. However you want to do it, we’ve got you covered.

To see how GoAnywhere MFT can meet these new USPS policies and save your organization money in the process, request a demo.

 


How Does MFT Work?

Compared to using a variety of standalone  FTP and SFTP tools and scripts, managed file transfer (MFT) technology allows professionals to streamline how data is transferred. Managed file transfers help organizations send and receive files in their cloud and private networks, create and control workflows, automate file transfers, and centralize management from a single system.

The why behind using an MFT solution makes sense. It reduces costs, improves the quality of your data transmissions, and helps you meet stringent data security compliance requirements. It also simplifies your system-to-system, user-to-system, and user-to-user file transfers—and keeps security at the forefront of everything it does.

The what of a MFT solution is fairly straightforward. Managed file transfer solutions are a type of software that use industry-standard network protocols and encryption methods to streamline the management of company data. What does “managed” in managed file transfer mean? It refers to how the solution can automate and transfer your data across your organization, network, systems, applications, trading partners, and cloud environments from a single, central interface.

So we know the what and why of MFT solutions, but we haven’t discussed the how of MFT solutions. How do managed file transfers work, and how do they affect you?

Step One: Original File is Sent from the MFT Program or Plugin

Say you need to send a confidential document to someone in a remote office. Maybe it’s a seasonal restaurant menu for another retail location, maybe it’s an audit report for a trading partner, or maybe it’s a financial document for a homeowner. Whatever the scenario, you can send the file to a third party by using an MFT solution.

The file’s journey from you to your recipient can start in many ways. You can:

  • Securely send the file through a MFT email plugin
  • Send it through a web client (access to the MFT solution from a browser)
  • Automatically sendit directly through the managed file transfer workflow
  • Place a file in a dedicated folder that the recipient can connect to securely for download

Whatever method you choose to send your file, MFT ensures the data is transferred quickly and securely.

Step Two: Your MFT Solution Encrypts the File

After you send the email, upload the file to your browser, or drop it in a monitored folder, your MFT solution receives the data and secures it in a few different ways. MFT can encrypt your files using FIPS 140-2 compliance AES ciphers or the Open PGP standard, among others. To protect your file transmissions, MFT can use SFTP, SCP, FTPS, AS2, and HTTPS protocols to encrypt the data you send. And an MFT solution like GoAnywhere MFT allows you to zip compress files before transmission.

Once your data is properly protected, you can also use your MFT solution to schedule file transfers, translate sent and received data to popular formats like Excel, XML, and JSON, update and pull files from monitored folders, and more.

Step Three: Encrypted File is Delivered to the Recipient & Decrypted

When the file leaves the MFT server, it is sent to whatever location you indicated for the recipient, whether that be a designated folder on a server, email address, or so on. The recipient at the remote office can then grab the file, decrypt it, and even translate it as needed.

For peace of mind, MFT solutions often include audit logs that store and track crucial audit information. This helps with PCI DSS and HIPAA compliance, but it also allows you to track the movement and activity of the file that occur once it leaves you, so you never have to wonder if the transfer was successful, if it failed, or whether or not the file was even opened.

If the recipient has a file to send you, they can repeat the process, starting the journey all over again!

 

Still curious about MFT solutions and if they’re right for your business?
You can learn more about the benefits of an MFT solution in our FREE whitepaper:

Beyond FTP: Securing and Managing File Transfers

 

 

 

 

 


Introducing Kathryn Anderson from Backbone Consultants

July is fast approaching, and with it our latest webinar on cybersecurity, Lessons from the Field: 7 Steps to Proactive Cybersecurity. This engaging, hour long session will cover seven lessons organizations should use to build security awareness and protect sensitive company data.

Who’s speaking? Expect powerful discussion between Bob Erdman, Security Product Manager at HelpSystems, and a very exciting guest speaker—Kathryn Anderson of Backbone Consultants.

Meet Kathryn Anderson

Kathryn Anderson is a Senior Manager of IT Risk and Compliance. She comes to Backbone Consultants—and our webinar—with over a decade of relevant business and security knowledge.

As part of her role in IT Risk and Compliance at Backbone Consultants, she consults with businesses on needs they have and identifies security opportunities they may not realize they have. She helps them “understand what their risks are as an organization from a reputation standpoint, from a financial standpoint, from an operations standpoint, and find those opportunities they may not be looking at.” By studying the whole picture, she can give each company a complete overview of their institution and make suggestions for improvement.

We recently had the opportunity to sit down with Kathryn Anderson and learn about her background and security goals. “I started my career in Identity and Access Management. I fell into it and found, very quickly, that I absolutely loved it,” Anderson told us. “There are so many components of security that help organizations and their customers keep data safe, which is what attracted me to security as I delved into the Identity and Access Management part of it.”

Anderson’s first introduction to security was at TCF Bank, where she worked in an Identity and Access Management role doing user attestations and term and transfer lists. As her responsibilities evolved, she began to identify areas where the security department could use tools to automate business processes, like employee termination from central applications.

Finding these opportunities for improvement helped Anderson understand the importance of developing strong cybersecurity practices. “The purpose of this job really has a lot of value. If you have a system ID that’s just sitting out there and isn’t being used, and a terminated employee has access to some sort of information, it could put your data at risk. Understanding what security was helped elevate my career path,” she said.

After seven years at TCF Bank, Anderson accepted a position in Risk and Governance at General Mills, where she spent a majority of her time developing programs on Security Awareness and Third Party Vendor Assessment. She focused on security education, too, ensuring General Mills employees not only understood security best practices, but also felt empowered to protect data at work and at home.

Kathryn Anderson’s passion and interest in business security makes her a valuable guest speaker, and we’re excited to hear more from her in the upcoming weeks. She’ll also share her thoughts on the importance of proactive cybersecurity during our July 26 webinar. The event is open to everyone, but it should especially interest those who want to learn how to implement a security awareness program or manage resources in their organization.

About Backbone Consultants

Located in Minnesota, Backbone Consultants has provided clients with end to end cybersecurity services and compliance since 2008. Their services include IT audit and compliance, cybersecurity, data privacy, and technical training. Comprised of a strong professional team, Backbone Consultants work with companies to tackle business needs and identify areas of improvement in how they develop and manage their IT assets.

You can learn more about Backbone Consultants at their website.

Webinar Details

July 28 Update: Even though the webinar has passed, you don't have to miss out! Watch our on-demand webinar recording now.

Lessons from the Field: 7 Steps to Proactive Cybersecurity

Wednesday, July 26, 2017

11 am - 12 pm CT

 


7 Steps to Protect Yourself Against Corporate Spear Phishing

Anyone with an email account is used to spam. It happens one day: you get that first unsolicited email, and then a flood of ads, flash sale offers, and foreign bank transaction requests rushes into your inbox. In that moment, the battle for your virtual sanity begins.

But while spam emails are mostly harmless—you tend to see them from a mile away and respond accordingly—spear phishing emails are dangerous, and they’re harder to detect.

What is Spear Phishing?

In general, phishing is the practice of sending fraudulent emails from what appears to be a trusted sender in your organization, like a family member, bank institution, or business you frequent (eBay or PayPal are two good examples of this). Phishing and spear phishing attacks both follow this practice, but the similarities end with the strategy they use to get your information.

Regular phishing attacks trawl the waters with a wide net, hoping to catch whoever falls for their scam. Spear phishing emails, on the other hand, target users that have specific access to the information hackers want. These users could be accounting employees, executives, or IT professionals.

Spear phishing emails are tailored to look, sound, and feel legitimate. The messages they contain generally include a grab for confidential information, like a link you can follow to change your password, a downloadable attachment, or a request for sensitive employee data. Regardless of what form it takes, if you follow the email’s instructions, your computer and organization are immediately compromised.

Spear Phishing Affects Everyone

The number of spear phishing attacks on organizations climbs every year. Cybersecurity growth has spiked to anticipate these security concerns, but that doesn’t mean companies who follow best practices are protected from a potential attack. Employees can fall victim to these scams without ever realizing something is amiss, and the repercussions of a single instance of infiltration? They’re crippling.

Spear phishing attacks affect a multitude of industries. According to InfoSec Institute, top industries targeted by these attacks in 2014 and 2015 include logistics, retail, public administration, finance, and services. What’s worse, a successful attack can cost a company, on average, $1.6 million. This is no small amount of damage.

Are you confident your business is secure enough to shut down potential phishing attacks? Think again.

In 2014, the Carbanak Breach impacted over 100 financial institutions and cost them around $1 billion. According to Kaspersky Lab, who investigated the breach, “The attackers used spear phishing emails [to infiltrate the bank’s intranet], luring users to open them, infecting machines with malware. A backdoor was installed onto the victim’s PC based on the Carberp malicious code, which, in turn gave the name to the campaign — Carbanak.

Seagate Technology was affected in a similar way in 2016. Through an email that looked like a request from the CEO, all W-2 forms the company had were stolen, compromising Seagate employees in more ways than one. And the heartache could’ve been avoided with a few extra, precautionary steps.

How to Protect Yourself against Spear Phishing

If you’re concerned about the danger of spear phishing attacks or looking for ways to make your environment more secure, we suggest you implement these seven steps in your company. They may help stop a potential attack before it can begin.

1. Keep your systems up-to-date with the latest security patches

Check your operating system frequently for the latest security patch releases. If you’re running Windows, Microsoft is always updating and promoting their security patches, especially if they foresee a new security concern and want to fortify their users. This is also true of unsupported versions, like Windows XP, if there’s enough risk to warrant an update.

Like Microsoft, Apple, Linux, AIX, and VIOS operating systems also have security patches. New ones are released as industries rise to meet and predict new phishing attacks, so keep your systems (both customer-facing and internal systems) up-to-date and install new security patches whenever possible to avoid gaps in protection.

2. Encrypt any sensitive company information you have

File encryption is a good way to protect sensitive company data from prying eyes. With the right tool or solution, the files you send to your systems, cloud environments, trading partners, and remote locations will be secure, making it difficult for outside parties to decrypt your data even if they get their hands on it.

What should you encrypt? Here are just a few examples that limit the amount of damage a spear phishing attack could do to your organization:

  • Hard drives
  • Cloud storage
  • Passwords and security questions
  • Internet activity (using a VPN or masked IP address)
  • External storage (USB drives, external hard drives)
  • Files (business contracts, audit reports, tax documents)

managed file transfer solution can encrypt your files at rest and in transit using modern, secure encryption methods. Good MFT software helps ensure that you stay up-to-date as encryption standards change over time, while making your data transfers simple to manage and audit.

3. Use DMARC technology

You’d think, in this day and age, that emails received from an address you know would be trustworthy. After all, you get emails from AwesomeCoworker@company.com all the time, which means even the suspicious emails are safe to answer. Right? Wrong. Far too often, hackers are able to spoof the FROM field of an actual email address, such as JoeSmithCEO@company.com, and send a message with that address to company employees.

Because these spoofed emails look real and cause successful spear phishing attacks, DMARC (Domain-based Message Authentication, Reporting & Conformance) technology uses Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to analyze incoming emails against its database. If the email doesn’t match the record for the sender, DMARC rejects it and submits a report to a specified security admin.

Patrick Peterson is a visionary leader at Agari, a company that prevents cyber attacks and secures email for Fortune 1000 companies. He addressed the growing need for DMARC in a recent data security panel: “A very important aspect in email security is making sure your email provider uses technology like DMARC. It's the only email authentication protocol that ensures spoofed emails do not reach consumers and helps maintain company reputation. Top tier providers like Google, Yahoo, Microsoft and AOL all use it to stop phishing.”

Despite the obvious benefits of using email authentication technologies, DMARC and other protocols like it are not foolproof. Google fell victim to a successful spear phishing attack in May 2017 when hackers sent emails containing fraudulent Google Doc links to Gmail users. Though Google reportedly stopped the attack within an hour, the damage was still felt. Over a million accounts were compromised.

While we still recommend implementing DMARC into your email, consider it but one of many tools you should use to secure your data, users, and company. It’s just safer that way.

4. Implement multi-factor authentication wherever possible

Many businesses have implemented multi-factor authentication (MFA) into their security routine. Some, like Google, allow their customers to turn on MFA as a precautionary measure. Others require clients to enter a sequence of personal details to access their account.

So why not use MFA to protect your data?

Multi-factor authentication is a simple way to ensure anyone who accesses your private data is legitimate. How does it work? It requires at least two pieces of identification, like a login and randomly generated token, that makes it infinitely harder for hackers to compromise your systemseven if they have half the information needed to get in.

If we lived in a perfect world, user passwords and security questions would always be secure. But in reality, employees recycle passwords across multiple websites and overshare personal data on social media, compromising the integrity of their logins and security questions.

So really, implement MFA wherever you canat work and in your personal life. At the very least, it’ll give you an extra layer of protection against spear phishing and other potential data breaches.

5. Make cybersecurity a company focus

Is cybersecurity a focus in your organization? It should be. When security is forefront in your mind and the minds of your employees, better decisions are made and more precautions are taken, enabling you to prevent spear phishing attacks before they become a concern.

Here are a few ideas to get you started:

  • Document and send internal security procedures to your employees.
  • Create a cybersecurity policy and data breach response plan for your organization.
  • Schedule quarterly meetings with key players to review the latest spear phishing attacks in the industry.
  • Identify potential spear-phishing targets, and brief them on the actions they should take if they receive a questionable email.
  • Review employee roles and access regularly, including third party vendors, partners, and those in remote offices. Make adjustments as necessary.

6. Educate your employees and regularly test their knowledge

Over 90% of cyber attacks are successful because of employee error. What’s the common method used in these cyber attacks to compromise data? You guessed it, spear phishing.

Spear phishing emails are rarely transparent. One believable email from a spoofed address is all it takes to gain access to employee credentials and, from there, sensitive company information. But the good news is, human error is avoidable with some training and education.

Talk to your employees about the reality of phishing attacks. Set aside 15 minutes at your next company meeting to educate them on what spear phishing attacks look like, what they do, and any steps they should take if they encounter one. Document a quick guide to internet security and make it available on your network. Even quarterly quizzes with a fun prize for winners can be the motivation needed to build security knowledge.

The more opportunities your employees have to learn about spear phishing and other scams, the better prepared they’ll be if they encounter something suspicious.

7. Confirm suspicious email activity before interacting with it

If you receive a suspicious email from someone you trust, but you’re not sure if it truly came from them, stop by their office, pick up the phone, or send them a separate email.

The two minutes it takes to establish validity is absolutely worth it, no matter the outcome. Best case scenario? The email is legitimate, and you have peace of mind. Worst case scenario? It’s a spear phishing email, but you still have peace of mind, and the person you spoke to can now warn others in the organization of a potential phishing attack.

Spear phishing attacks happen every day. But though they’re a security concern, they don’t have to be a problem if you plan ahead, prepare your organization for attacks, educate your employees, and encrypt your data.

 

Looking for more tips to help you combat cyber threats? Watch our on-demand webinar, where top cybersecurity experts discuss how you can protect your company from data breaches and avoid security risks.

 


Preview of Gartner Security & Risk Management Summit 2017

Four days of security discussions, over seventy five speakers, and six program tracks; these are the numbers exciting cybersecurity professionals around the nation as they prepare to attend this year’s Gartner Security & Risk Management Summit. Taking place from June 12-15 in National Harbour, Maryland, this summit is one of the biggest and most important of the year.

Linoma Software, a HelpSystems company, will be attending this premier gathering of security, risk management, and business continuity management leaders, in order to take in this all too valuable informational experience.

Here are some must-see sessions that we’re looking forward to:

What Can We Expect from the EU’s General Data Protection Regulation?

June 12, 2017 | 10:00 AM – 11:00 AM | Carsten Casper

Are you ready for GDPR compliance? Do you have a timeline in place to implement the required security protocol? The latest cybersecurity compliance regulation out of Europe has companies around the world wondering – does this apply to us? This session will go into full detail about the regulation, as well as what actions IT departments in non-European countries must take to meet compliance regulations.

Forcepoint: Insider Threats: Understanding Intent and Creating Actionable Programs

June 12, 2017 | 11:30 AM – 12:15 PM | Dr. Richard Ford, Meerah Rajavel

In a time where large and harmful security breaches seem to occur as often as the sun rises and sets, companies often struggle to hard to pinpoint where these breaches are coming from and why. A recent study from Crowd Research Partners showed that cybersecurity professionals consider “internal threats” the biggest threat to IT security. This session, presented by Joint Forcepoint Chief Scientist Dr. Richard Ford and CIO Meerah Rajavel, will examine strategies for implementing people-centric protection systems that will prevent bad cyber practices and enable good behaviors to help stop breaches caused by internal threats.

Roundtable: Managing Cloud Service Provider Security

June 12, 2017 | 2:00 PM – 3:00 PM | Jay Heiser

When it comes to the many cloud services that enterprises are confronted with, well, the sky’s the limit (pun intended). The cloud and its many benefits are more relevant than ever, and in this session, speaker Jay Heiser poses the question: who is accountable for managing this risk and ensuring that these cloud providers can be trusted? With such promising discussion, we strongly urge you not to miss this one.

To the Point: How to Respond to PCI DSS v.3.2

June 15, 2017 | 12:00 PM – 12:30 PM | Rajpreet Kaur

The 2018 deadline for compliance to PCI DSS v.3.2 is rapidly approaching. This session will cover information surrounding the various enhancements to the latest PCI DSS version and how to deal with them. Our recent whitepaper breaks down everything new about v.3.2, but we’re certainly interested in hearing what additional details and considerations Rajpreet discusses in this session.

 

We can’t wait to see you at the Gartner Security & Risk Management Summit of 2017! Make sure to come find us in booth 100 or reserve time at the event to chat.


GoAnywhere MFT meets highest level of AS2 interoperability testing with Drummond Recertification

Linoma Software, a HelpSystems company, today announced that GoAnywhere® Managed File Transfer (MFT) has been Drummond Certified™ for the highest level of AS2 interoperability in the AS2-1Q17 test event.

AS2 or Applicability Statement 2 is a widely used standard for secure and reliable file transfer of EDI and other business data between organizations and their trading partners. Popular among B2B e-commerce and retail organizations, AS2 is known for its relatively low cost, increased security, and efficiency. Consecutively Drummond Certified since 2015, GoAnywhere MFT remains committed to offering guaranteed AS2 compatibility for customers and joins the ranks of 12 other software products worldwide with this most recent recertification. “We have consistently met the stringent requirements for AS2 Certification for over 2 years,” said Bob Luebbe, President and Chief Architect at Linoma Software. “The process is not easy but we believe it is well worth the effort to ensure our AS2 customers know without a doubt that our product will work in their environment. Guaranteed.”

GoAnywhere Drummond Recertification for AS2-1Q17

To qualify for Drummond Certification, software products must meet several requirements and submit to strict testing designed to verify compatibility between other certified products. “Vendors also work together to test RFC 4130 other optional functional areas such as: SHA-2, Reliability/Restart, Filename Preservation, Chunked-Transfer-Encoding and Multiple-Attachments. These companies dedicate months of automated testing to resolve issues in a real-world test setting, supported by Drummond Group’s InSitu™ Test System, and earning AS2 Drummond Certification as a group. Drummond AS2 certified products continue to provide the highest level of interoperability providing small, medium and large global businesses a wide selection of offerings,” said Aaron Gomez, Drummond Group’s Director of B2B testing.

In this test series, GoAnywhere MFT not only received Drummond Certification for AS2, but also met additional requirements for several optional tests including multiple attachments (MA), file name preservation (FN), file name preservation for multiple attachments (FN-MA), chunked transfer encoding (CTE), and secure hashing algorithm 2 (SHA-2). Learn more about GoAnywhere MFT and AS2 compatibility, by visiting our AS2 Solution page or request a demo to see GoAnywhere in action. 


8 Ways to Protect Your Healthcare Organization from a Data Breach

Last year there were 328 data breaches of healthcare organizations. That’s a new record, up from 268 the previous year. In these breaches, the records of approximately 16.6 million Americans were exposed. These incidents occurred at all types of organizations in the industry, including clinics, insurance providers and their healthsystem business associates.

If you’re in the healthcare industry, here are eight steps you can take to ensure that your organization isn’t the next one in the news.

#1. Continually Evaluate HIPAA Compliance

You’re in healthcare, so you already know about HIPAA, the Health Insurance Portability and Accountability Act that safeguards Protected Health Information (PHI). Fines for non-compliance can reach millions of dollars and even include jail time, which should be enough to ensure that you take HIPAA seriously. But you should also think of HIPAA as a solid starting point for avoiding major cybersecurity threats.

HIPAA requires annual risk assessments, and it’s not a bad idea to assess your security and compliance even more frequently. In a typical organization a lot of changes are made in a year, including new software implementations and upgrades, employee turnover and role changes, or mergers and acquisitions—all of which can create vulnerabilities. These assessments are also a great chance to evaluate your internal security policy and incident response plan.

#2. Educate Your Employees

We all worry about the nefarious hacker, lurking in a dark room and furiously typing code to steal your organization’s records. The truth is that one of the leading causes of healthcare data breaches in 2016 was employee error.

Make sure that all employees in your organization know what personal information can be shared with patients, caregivers, and others according to HIPAA and any state regulations you need to follow. Give your employees a test of their security knowledge or run simulations through phone calls and emails, and reward the employees who respond correctly.

#3. Manage Roles and Access

Keeping medical records secure can be a challenge because they pass through so many hands, but the access that a doctor needs is different than that of a member of the finance or IT staff. It’s essential that every user has an individual account with role-based access appropriate for their position. The IT administrator should also have full visibility into who accesses or manipulates what data and when, so they can identify suspicious activity such as downloading large volumes of data to an unknown IP address.

#4. Subnet Your Network

It may seem like a basic mistake to an IT or security professional, but you might be surprised how many healthcare providers leave patient records exposed to anyone who accesses the publicly available internet. Subnetting, or creating separate subnetworks, allows you to set aside part of your network for the public and others (with more security) for any applications that touch medical records or credit cards.

#5. Use Multi-Factor Authentication

The standard username and password isn’t secure enough for users who need to access private patient information. Multi-factor authentication typically requires at least two of the following: something you know (like your password), something you have (like a token), or something you are (like a fingerprint). A 2015 report by the Office of the National Coordinator for Health IT found that, while hospital support for multi-factor authentication had risen by 53 percent since 2010, only half of small urban hospitals were capable of it. Fifty-nine percent of medium and 63 percent of large institutions had the capability.

If you are a healthcare organization that still doesn’t support multi-factor authentication, it’s a key step to take toward securing your data.

#6. Protect Devices and Be Cautious with BYOD

The majority of healthcare data breaches occur not because of hackers, but because of stolen or lost devices. For devices owned by your organization, make sure they are encrypted and that you have the ability to wipe them remotely.

You should also adopt strong security measures in your BYOD policy. Employees will want to have the convenience of easily accessing PHI from their tablets, laptops, or mobile phones, but if one of these devices falls into the wrong hands, the result could be devastating to your company. Here are some steps you should take in your BYOD policy:

  • Require strong authentication methods
  • Don’t allow medical records to be stored on employee devices
  • Prevent devices from connecting to healthcare applications beyond a certain distance from your facility

#7. Ensure Business Associates are Protecting PHI

Healthcare providers rely on a wide network of associated companies and services. Business associates of organizations that must comply with HIPAA are also held to HIPAA standards for protecting patient data and will be fined if they fail to do so. Your business associate agreements with these organizations should be tailored to both HIPAA and any state regulations that apply to your organization. The associates should be required to develop internal processes to assess security, and discover and report data breaches. Choose business partners that are agreeable to complying with security best practices or they will be a liability.

#8. Encrypt Data at Rest and in Transit

HIPAA states that covered entities should “implement a mechanism to encrypt PHI whenever deemed appropriate.” That can be a little hard to interpret, but regardless of HIPAA or other regulations, strong encryption is the best way to protect your data.

HIPAA also says that if encrypted data is stolen, the incident does not constitute a data breach. In other words, you can avoid damaging your reputation by having to notify your patients, the media, and the government by using encryption.

managed file transfer solution can encrypt your files both at rest and in transit using modern, secure encryption methods. Good MFT software will help ensure that you stay up-to-date as encryption standards change over time, while also making your data transfers simple to manage and audit.

To find out how GoAnywhere MFT can help you stay HIPAA compliant, download the guide.

 


MFT Agents: Definition, Differences and Use Cases

In GoAnywhere’s latest product release of its Managed File Transfer solution, MFT agent capabilities were introduced. The following resource aims to help readers understand what MFT agents are, the difference between a traditional MFT deployment and an MFT agent deployment and some example use cases. For further questions, open the Live Chat box at the bottom right of this page or send us an email at linoma.sales@helpsystems.com.

What are MFT Agents?

MFT agents provide real-time, remote file transfer capabilities that are controlled from a central MFT server. Managed File Transfer Agents are ideal for organizations with remote sites like branch offices, cloud environments or other remote locations, where remote management of data movement from a single flagship location is required.

With GoAnywhere MFT agents, IT admins can:

  • Enjoy centralized control of remote file transfers and workflows
  • Create Agent Templates with registration rules to easily deploy Agents on a large scale
  • Monitor remote locations for new, modified and deleted files on the system

MFT Agents vs. Traditional MFT

There are a few key differences between traditional MFT deployments and an MFT Agent deployment. By deploying agents, network professionals can manage all instances of the deployment from one centralized location, versus having to manage multiple locations individually. This drastically reduces the amount of configuration time, and can present major cost benefits considering the reduction in administration time, management of software updates and other tasks.

MFT agent capability allows IT professionals to easily deploy MFT agents on almost any server or workstation where file transfers need to be performed (Windows, VMware, Linux, Amazon EC2, Microsoft Azure, IBM I (iSeries), AIX, UNIX, and Mac OS systems). With this multi-platform capability, organizations with complex environments can greatly reduce the manual, repeatable work associated with the complexity.

MFT Agent Applications & Use Cases

In an interview with Linoma Software President and Chief Architect, Bob Luebbe, the wide application of MFT agents is explained. “The use cases for MFT agents are really endless. Whether it’s a franchise needing to synchronize files with its store locations, or a healthcare system needing to move PHI data between its data center and satellite clinics, the deployment of MFT agents will greatly simplify those processes,” he says.

Below are just a few use cases of Managed File Transfer agents:

  • Restaurant Franchises: Whether a restaurant chain has thousands of locations worldwide, or a handful of regional locations, MFT agents allow for the distribution of new proprietary recipes, pricing updates and other sensitive data to and from the remote locations - easily and securely.
  • Retail Stores: Retail organizations with a network of stores can now manage new season inventory updates, product launch information, changes to employee policies and more, all through one centralized solution.
  • Healthcare Providers: Healthcare clinics with multiple satellite locations can ensure PHI data is securely transferred between locations, pharmacies and other partners using MFT agents.
  • Insurance Agencies: Enrollment applications, new products and services, and pricing structure updates can all be transferred quickly and securely.

In any use case, MFT agents can run on systems inside an organization’s network to move files throughout the data center, or can be deployed to remote sites like branch offices, cloud environments like Amazon AWS, Azure, and other remote locations. GoAnywhere MFT Agents even allow users to create and schedule multi-step workflows that can copy files, archive files, translate data, send alerts, add data to a database, execute native commands, or perform other file system tasks.

The image below shows an example implementation model, where one agent is deployed to an internal network, two are deployed to remote locations and one is deployed to a cloud environment.

Imagine the possibilities if organizations could greatly reduce the time spent on manual file transfer processes, and reallocate those resources towards more strategic initiatives.

Could MFT agents be a fit for your organization? Schedule a democontact a product specialist at linoma.sales@helpsystems.com, or watch the on-demand MFT Agents webinar to learn more.

 

 

 

 

 

 


New GoAnywhere Release Automates and Secures File Transfers in Cloud and Private Networks

FOR IMMEDIATE RELEASE

Contact:  Mike Devine, Vice President, Marketing - HelpSystems
p. 952.563.1696
mike.devine@helpsystems.com

New GoAnywhere Release Automates and Secures File Transfers in Cloud and Private Networks

Omaha, NE. May 8, 2017 – Linoma Software, a HelpSystems company, today announced the release of version 5.5 of its GoAnywhere managed file transfer (MFT) solution, which allows organizations to deploy MFT agents across the enterprise to automate, secure and audit all of their file transfers from a single, centralized location. This new innovation adds to an already extensive suite of security and automation features including encryption at rest and in transit, batch and ad-hoc file transfer, peer-to-peer file collaboration, and more.

With this new version, customers can easily install MFT agents on almost any server or workstation where file transfers need to be performed including Windows, Linux, UNIX, IBM i and Mac OS systems.  These systems can reside on-premises or in cloud infrastructure such as Amazon Elastic Compute Cloud (Amazon EC2) or Microsoft Azure. This allows for organizations with complex and ever-changing environments to greatly reduce the manual repeatable work associated with the complexity allowing IT professionals to focus on more strategic initiatives.

The MFT agents are managed by a central deployment of GoAnywhere, where customers can easily configure and schedule agent file transfers right from their browser. This new version of GoAnywhere not only transfers all files securely, but also gathers key information about the transfers for simple, consolidated auditing and reporting. This unique approach provides visibility of all file transfers within the organization.

“The use cases for MFT agents are really endless,” said Bob Luebbe, President and Chief Architect at Linoma Software. “Whether it’s a franchise needing to synchronize files with its store locations, or a healthcare system needing to move PHI data between its data center and satellite clinics, the deployment of MFT agents will greatly simplify those processes.”

MFT agent Features and At-a-Glance

  • Automates and secures file transfers within a centrally managed environment
  • Monitors agent systems for new or modified files
  • Schedules file transfers on agent systems to run at future dates/times
  • Provides additional workflow capabilities such as compression, decompression, data parsing, database integration, and native command execution
  • Sends automatic alerts via e-mail or text messages if file transfers fail on agents
  • Feeds audit data to the central GoAnywhere MFT solution for reporting