In group communications such as project teams or in client collaboration there is a need to distribute information and files electronically. The information being processed is many times confidential, either from a business or a private data (GDPR) perspective, so protecting that information is essential.
How to take data security into account in data transfers?
How can users take full responsibility for security when it usually is such a technical and difficult problem?
A need to share and transfer information in a secure but user-friendly way
E-mail is easy to use but known to be a relatively poor tool for communication in teamwork. Especially if communication is lively and files are shared and updated frequently. How do you keep track of files? How do you know that all team members have access to and work on the latest version of a file? Also, E-mail is notoriously insecure with the information usually transported and accessible in clear text on the delivery route. It’s even so bad that it’s regarded as safe as a postcard by security professionals. In fact, it’s even far less secure than a postcard, an email can live and be searchable forever. At least a postcard can be easily discarded or permanently destroyed after being read.
There are many encrypted mail systems available but they usually require you to completely change your legacy systems, not only you but all organizations and users that you are collaborating with. And, even if you do change it all, you still have the problem with knowing that everyone has up-to-date files.
So, if we forget e-mail, nowadays the actual transfer method in most modern software solutions, regardless of the tool, is encrypted and secure. That is if they use common technologies for protecting the communication channel. You still have to trust the service and storage since the protection is just in the transfer link (hop-by-hop security). Therefore, what specifically should be taken into consideration in your data transfer process, is the security of the application and data storage provider and the ease-of-use of the tools to meet your needs.
Often, the security debate revolves around technical issues – whether they are protocols, encryption technologies, access control technologies, or processes developed to control human behavior. However, it should be remembered that just as important, although often forgotten and compromised, is that the only security worth anything is the one that actually is being used. Naturally, the technical solutions in the background must be rock solid, but if the tools are too confusing, full of unnecessary functions that users do not understand and the use of the necessary features require excessive training, then even the most technically advanced products will never be fully utilized and data security suffers.
An example of how it should be done is the secure workspace Konfident, where user experience and functionalities are intuitive and reduced to a minimum, and the strong end-to-end security is almost invisible on the surface. The user has full control over what they share and to what team through the simplified user interface.
Based upon the Hyker philosophy “the only security worth anything is the one that actually gets used”, we set out to develop the easiest but most secure file sharing tool to solve file collaboration inside and between organizations, without a need for IT or security expertise, Konfident. It should be possible to do ad-hoc file sharing in teams with full control over who receives the information, and with the highest grade of security. Just because that you don’t have a huge IT security budget shouldn’t mean that you have to risk exposing sensitive information by using e.g. email, Google Drive or similar less secure alternatives.
As part of our launch, we are sponsoring the Swedish Allsvenskan football league during this Silly Season.
Today there are many information leakage risks during the transfer negotiations, like:
Information leaks to competing clubs
Information leaks to the press that spread rumors
You don’t know where the information leaks
Competing clubs “steals” transfers when they know what a competing club has been offering
Secure file sharing, for instance, contracts and proposals
Full control over who can access the documents
Competing actors cannot access the information
Media has no access to sensitive negotiations
Keep upcoming scout reports secret for anyone but their own organization
Keeping transfers confidential until they are finalized
The Hyker Campaign in short:
FREE access to the Konfident application during the first three months
A safe workspace for the club to share contracts, offers, negotiation material and reports
If you want access to a workspace for your club during this campaign, please contact Hyker using this form:
Most of us know that E-mail should not be used for the exchange of confidential data such as personal information without encryption. But how about internal e-mails, why should they be encrypted?
Typically, a company’s own e-mail solution is thought of as being a safe place to store all internal e-mail. But, many times “internal” email is actually handled and stored by an external email provider, like Google.
When e-mail is used to send sensitive information then storing it in an outsourced e-mail service or servers should raise an alarm for the person in charge of data security and data privacy protection.
Does the service provider agreement also cover situations where sensitive information has ended into places where it does not belong?
How fast do they respond to breaches?
How many e-mail service admins have access to the e-mail data?
How you signed a GDPR processor agreement?
In practice, the most reliable way to protect communication and file sharing is to use strong encryption already when sending a message by encrypting the data in the sending computer and delivering the encryption key to the recipient in some way, who then opens the encrypted message in their own computer when reading the e-mail. PGP, invented in the early 90s, is a good example of such an encryption technology that can work for all email and email providers, but sharing the encryption keys has been a manual task and too difficult, making it too impractical to use for normal users. This has often been the problem that has prevented the usage on a larger scale.
So, what to do then if you don’t have a large IT department with a lot of security expertise?
The solution is to use email, internally and externally, for less sensitive information only. Sensitive files and documents should be managed in a secure collaboration workspace that is really easy to use, like Konfident.io.