Part 3: Cyber Security Awareness Month Series
Good security policies are the foundation of business data protection, but they’re not enough without the right technology. In part 2 of our cyber security awareness series, we explained how to evaluate your current corporate data security protections to make sure they’re up to snuff. In part 3, we explain how to use multi-factor authentication, email encryption and other crucial corporate security tools.
1) Multi-factor Authentication Reinforces Password Security
There’s no surer way to weaken enterprise data security than poor password practices. Hackers are very smart, and the passwords we use are usually a lot less secure than we think. Requiring regular password changes and setting minimum password strength can reduce the chance of a breach, but there’s no practical way to make sure your employees aren’t reusing passwords from other accounts, using obvious passwords or making other basic security mistakes.
Multi-factor authentication defends against password theft by requiring a second, independent form of identification. For example, to use an ATM you need both your card and your PIN. Other multi-factor authentication systems add voice identification, fingerprints or access badges. This provides extra business data protection by making it much harder for hackers to impersonate a user with a stolen password alone.
One of the most common multi-factor authentication systems is the one-time password — an extra password that only works for a particular login session. For example, enabling two-factor authentication in G Suite (formerly known as Google Apps) security settings tells Google to send a code to your smartphone when you want to log in. Unless you have both the code and your password, you won’t be able to access your Google account. This prevents hackers from gaining account access just by guessing your password. Organizations should use two-factor authentication anywhere business data protection is important.
2) Data-Centric Encryption Provides Business Data Protection on Open Networks
Encryption keeps data confidential by scrambling it with a randomly generated secret called the key. Anyone who doesn’t have the key can’t decipher the data. Default Gmail encryption and other secure apps use TLS, a form of point-to-point (transport) encryption, to protect data while it is in motion. Data traveling through the Internet passes through multiple servers until it finally arrives at the recipient. With TLS, each server on the journey receives the message, decrypts it, then re-encrypts it for the next hop and sends it on.
Because its protection depends on every server along the path, TLS alone isn’t secure enough for business data protection. Google provides great business data protection inside its own network, but once an email leaves that network it can encounter a server that has been hacked or improperly configured. Such a server can read or alter your email without you ever knowing it.
Data-centric encryption protects the individual piece of data instead of the connection. Even if an email or file is intercepted in transit, it can’t be decrypted. By guarding your files and emails across their entire journey, data-centric encryption provides a much stronger standard of business data protection.
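To make the hop-by-hop versus data-centric distinction concrete, here is an added Python simulation (not code from the original post or from Virtru). It models three TLS links with separate keys and one compromised relay in the middle; the authenticated-encryption helper is a constructed toy (HMAC-SHA256 keystream plus encrypt-then-MAC tag) standing in for the real ciphers, and the keys and message are constructed samples.

```python
import hashlib, hmac, os
# Constructed toy authenticated encryption (HMAC-SHA256 keystream in counter mode,
# encrypt-then-MAC) used for both the TLS links and the data-centric layer here.
def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _subkeys(key):
    return hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()

def seal(key, msg):
    ek, mk = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(ek, nonce, len(msg))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mk, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("message altered in transit")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

# Path: sender -> relay A -> relay B -> recipient. Every link has its own key,
# as every TLS connection does. Relay B (index 1) is the compromised server.
LINK_KEYS = [b"link-sender-A", b"link-A-B", b"link-B-recipient"]
MESSAGE = b"Invoice: pay 1000 USD to account 12345"   # constructed sample

def relay(blob, evil=1, tamper=False):
    """Each relay decrypts its incoming link and re-encrypts for the next one;
    the evil relay keeps a copy of what it sees and may flip the last byte."""
    seen = None
    for i in range(len(LINK_KEYS) - 1):
        payload = unseal(LINK_KEYS[i], blob)
        if i == evil:
            seen = payload
            if tamper:
                payload = payload[:-1] + bytes([payload[-1] ^ 1])
        blob = seal(LINK_KEYS[i + 1], payload)
    return seen, unseal(LINK_KEYS[-1], blob)

def hop_by_hop(tamper=False):
    """TLS only: the relay reads the plaintext and its change arrives silently."""
    return relay(seal(LINK_KEYS[0], MESSAGE), tamper=tamper)

def data_centric(tamper=False):
    """Message sealed for the recipient first, then carried over the TLS links."""
    e2e_key = b"key-shared-only-with-recipient"
    seen, delivered = relay(seal(LINK_KEYS[0], seal(e2e_key, MESSAGE)), tamper=tamper)
    try:
        return seen, unseal(e2e_key, delivered)
    except ValueError:
        return seen, None   # recipient rejects the altered message
```

With hop-by-hop protection the relay sees and can silently rewrite the invoice; with the data-centric layer it sees only ciphertext and any alteration fails the recipient's integrity check.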
The best secure email services will allow you to use data-centric encryption on top of your existing email account, maximizing business data protection while minimizing disruption of your normal workflow. If you store files in the cloud, you should also use encrypted file sharing to ensure they aren’t compromised.
Google users can get both business data protection tools in a single app. Virtru G Suite Encryption works with our Gmail encryption, providing complete data-centric encryption throughout your Google domain. Our email encryption also works with Microsoft Outlook and other popular email services.
3) Read Receipts Help Identify and Remediate Threats to Business Data Protection
Logging access and changes to your data is essential for business data protection as well as compliance. HIPAA, CJIS and other compliance regimes require organizations to monitor sensitive data for unauthorized access, and mitigate and report breaches, should they occur.
Virtru Read Receipts allow you to identify who has accessed files and emails sent from your organization. Virtru users can also rescind emails and files — even after they have been sent. These two features are a powerful combination for breach mitigation and business data protection. If you’re quick enough to rescind, read receipts will serve as proof that your message hasn’t been opened. On the other hand, if one or more recipients open your message before you rescind it, you can identify exactly who has seen the message and remediate the breach.
For example, if you accidentally send a patient’s HIPAA PHI to a group of recipients but manage to rescind it before it’s opened, you’re not required to file a HIPAA breach notification. Even if one of your recipients opens it first, rescinding limits the scale and damage of the breach: it prevents the other recipients from seeing the message, prevents the recipient who has seen it from accessing it in the future, and helps satisfy the breach mitigation requirement.
4) Data Loss Prevention — Business Data Protection Against Human Errors
It’s important to protect against sophisticated hackers, but mistakes are an even bigger risk. Even mistyping an email address or accidentally forwarding a sensitive attachment can breach corporate security. Data Loss Prevention (DLP) provides an extra layer of business data protection by detecting and correcting potentially risky emails before they’re sent to the recipient.
Virtru DLP automatically scans the title, addresses, body and attachments of your organization’s emails, and uses customizable compliance rules to remediate risk. When a user tries to send out a risky message, Virtru DLP can:
- Display a warning
- Encrypt the email
- Strip attachments
- Attach text (e.g. a legal disclaimer)
- Forward it to an administrator (using CC or BCC, if desired)
Not only does this prevent errors that could breach compliance, like sending sensitive data in an unencrypted email or putting a credit card number in the body of an email — it also enforces organization-specific business data protection policies. For example, you can automatically encrypt all data sent to business partners, or strip attachments sent outside of your organization to ensure workers don’t move data off of your chosen productivity or file sharing apps.
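As an added illustration of the rule-driven checks described in this section (not Virtru's code or configuration), the following Python evaluates an outgoing email against three constructed policies: a payment card number in the subject or body, a recipient at a business partner domain, and attachments leaving the organization. The domains, the administrator address and the sample messages are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field

ORG_DOMAIN = "example.com"                 # assumed: our own mail domain
PARTNER_DOMAINS = {"partner.example.org"}  # assumed: trusted business partner
DLP_ADMIN = "dlp-admin@example.com"        # assumed: mailbox that receives copies
# 13 to 16 digits, optionally separated by spaces or dashes, not inside a longer run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so ordinary long numbers are not flagged as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def has_card_number(text: str) -> bool:
    return any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(text))

@dataclass
class Email:
    subject: str
    recipients: list
    body: str
    attachments: list = field(default_factory=list)

def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

def evaluate(mail: Email) -> list:
    """Return, in order and without duplicates, the actions a DLP gateway
    would apply to this message before it leaves the organization."""
    actions = []
    external = [r for r in mail.recipients if domain(r) != ORG_DOMAIN]
    if has_card_number(mail.subject + "\n" + mail.body):
        actions += ["warn: payment card number in message", "encrypt", f"bcc:{DLP_ADMIN}"]
    if any(domain(r) in PARTNER_DOMAINS for r in external):
        actions.append("encrypt")            # always encrypt to business partners
    if external and mail.attachments:
        actions.append("strip-attachments")  # keep files on the approved sharing apps
    if external:
        actions.append("append: external-recipient disclaimer")
    return list(dict.fromkeys(actions))
```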
Learn More About Business Data Protection
We hope this series has boosted your cyber security awareness. Use these resources to take a more in-depth look at corporate security.