Encryption Is Not Enough

We enjoyed re-visiting the hilariously titled article "How to securely store and share sensitive files (A tin foil hat that actually works)" posted on PopSci last month.

Among many solid suggestions: use strong passwords and two-factor authentication with cloud services, and encryption on devices. These are the right practices as we reach what may be a tipping point in cyber crime.

The article hints at the issues with using cloud storage to share with outsiders, i.e. external recipients, those who aren't also employees of the same company. Turning on encryption as offered in those services protects your data in the drive, and ensures it was delivered securely. But the end result of such sharing requires you to decrypt and provide a copy the recipient can download and open.

Hopefully, you sent it to the right recipient.

If not, you have lost control. And in a regulated industry, if things go wrong you may be embarrassed by the disclosure - if not fined.

Some of the alternatives include...

Secure portals - while seeming attractive, they have high failure rates with consumers due to complex, lengthy signup processes. Many offerings also scare users with new, unknown URLs or domain names. How do they know you're not phishing them?

Transmitting encrypted files - very secure, assuming you didn't deliver both the content and shared secret to the same, wrong recipient. Overall, very complicated for users. As complexity is the enemy of good security practices, this can't be recommended for anything but power-user to power-user.

If you look into these methods, test to see if the complexity is suitable for your expected recipient. For encryption, use existing enterprise tools to manage the process. For portals, take a skeptical view as you review the process - will users understand that there is a third party involved, or can your offering be hosted under your domain, and re-branded appropriately, including email notifications? Will your users need mobile access? Or desktop integration? What about Office 356 or GSuite?

Further, be sure that any encryption software you choose has a recovery key - in case things go wrong on your end.

And remember, once the recipient has the key, they have your data. There's no going back. If all or nothing doesn't fit your corporate, regulated reality - look into collaboration that secures itself.

Bill Fletcher

Get the latest from eShare

Thank you for connecting with eShare!

If you requested to connect with us, someone will follow up shortly.

Check out our latest blogs and product information for valuable insights.

If you have any immediate questions, feel free to reach out to us at info@eshare.com.

Follow us on LinkedIn to stay connected with our latest news and updates.

We appreciate your interest and look forward to connecting with you soon.

Oops! Something went wrong while submitting the form.

Better collaboration.
Higher productivity.
Better employee and client engagement.

Transform the way you collaborate. Contact eShare to get started.

Schedule a Demo