The Complete Guide to File Encryption: 2024 Update

Our most sensitive information often finds itself zipping through cyberspace, from personal records to business secrets. But just like you wouldn't send your prized possessions through the mail without a lock and key, your digital files need protection too.

Many businesses and individuals rely on email encryption for secure communication and file sharing, but what about files that are too big to email? Or what about workflows that prohibit emailing sensitive information?

That's where secure file-sharing comes in. In this blog post, we'll dive into the world of file encryption and encrypted file-sharing, exploring what it is, why it matters, and how you can use it to keep data safe from hackers and prying eyes.

What is File Encryption?

File encryption works by using a complex mathematical algorithm, known as a cipher, to scramble your readable files (“plaintext”) into an unreadable format (“cyphertext”). The cipher can only be accessed with a unique key, which determines how the data is encoded. Without the correct key, even if someone gains access to your encrypted files, they won't be able to decipher the contents.

The security strength hinges on the key length, measured in bits. The rule is simple: the longer the key, the tougher it is to crack. Advanced Encryption Standard (AES) encryption, for instance, offers keys up to 256 bits long (AES-256 bit). It would take a supercomputer (within today’s technological limits) millions of years to successfully crack the code simply by guessing (aka Brute Force Attack).

Recommended Reading: Encryption 101: How it Works & Who Gets Your Data | End-to-End Encryption, Explained 

What Files Need to Be Encrypted?

Why do you guard your tax documents, health records, and social security details so carefully? Because if they're intercepted by the wrong people, you could suffer irreparable damage.

The rule of thumb for file encryption is straightforward: any file that could cause financial, legal, or reputational damage if exposed should be encrypted; and it’s better to be safe than sorry. Below is a list of commonly encrypted files, safeguarded by both individuals and organizations:

• Personal information: Any files containing social security numbers, birth dates, addresses, or other personally identifiable information should be encrypted.
• Financial data: Bank account numbers, credit card information, and other financial records need to be secured with encryption.
• Medical records: Patient data, health insurance information, and any other medical-related files must be encrypted to comply with privacy regulations like HIPAA.
• Legal documents: Contracts, legal agreements, and other sensitive legal files should be encrypted to maintain confidentiality.
• Business data: Company plans, strategies, intellectual property, and confidential client or customer information require encryption to protect against competitors and data breaches.
• Employee records: HR files, employee contracts, and other personnel data should be encrypted to ensure privacy and comply with employment laws.
• Research and academic data: Universities, research institutions, and other academic organizations need to encrypt sensitive research findings, student records, and intellectual property.
• Government and classified information: Any files containing government data, classified information, or matters of national security must be encrypted to prevent unauthorized access.

Documents (PDF, Word, GoogleDoc, etc.), images, videos, and audio files are all types of individual files that can contain the listed data. That’s why it’s vital to know how to encrypt files, and to choose a file encryption solution that can help you do it quickly, casually, and easily.

Recommended reading: Five Reasons You Need Encrypted File Sharing

How to Encrypt and Share a File: PDF, Excel, Etc. in 3 Ways

File encryption is responsible for protecting your sensitive files under lock and key. But the fact of the matter is: these files need to move and travel in order to be valuable. An encrypted HIPAA form is no good to anyone if it can't be sent to an insurance company - and the same goes for every other listed sensitive file. 

That's where secure file-sharing tools come in. They use file encryption as a method of protecting your sensitive files while they're on the move - and some even protect your data while it's at rest. Here are three of the most common ways that files are securely shared, using encryption. 

1. Virtru Secure Share: The User-Friendly Way

Step 1: Sign into Virtru Secure Share using your existing email credentials.

Step 2: Drag and drop files you’d like to share. If connected to Google, you also have the option to import files from your Google Drive.

Step 3: Control Access: With Virtru, you can easily set access levels, revoke access, or set expiration dates for your encrypted files, giving you full control over who sees your data and for how long.

Step 4: Share! Recipients will receive an email notification from Secure Share. They can verify using their existing email credentials and decrypt files - helping tamp down on password management.

When it’s time to request sensitive files, Secure Share gives you a unique link to share with your collaborators. Using the link, collaborators can simply drag and drop files to be automatically encrypted upon upload. You can then access the encrypted file using your existing credentials.

Secure Share is as simple as it is quick for everyday, ad-hoc file sharing - the kind that most use cases need. We like to think of legacy methods of file-sharing as cargo ships, requiring significant infrastructure and coordination for bulk data transfer but lacking flexibility and advanced security (more on that below).

Secure Share is more like using a speedboat, offering a fast, personal, and secure way to share data with a shorter learning curve and added controls over your data.

2. Secure File Transfer Protocol (SFTP)

Step 1: Set Up Authentication: SFTP requires authentication to connect to the server. This could be in the form of a username and password or, for enhanced security, SSH keys.

Step 2: Connect to the SFTP Server: Open your SFTP client and enter the server’s address, your username, and password (or your SSH key). If this is your first time connecting to the server, you may need to verify its identity by accepting its SSH key.

Step 3: Transfer Files Securely: Once connected, you can begin transferring files. Simply drag and drop files into the client window to start the encrypted transfer process.

SFTP, or Secure File Transfer Protocol, builds upon the legacy FTP protocol but adds a vital layer of security by encapsulating the data in an encrypted tunnel. This method ensures that both the commands and data are protected, intending to reduce the risk of data interception or eavesdropping. Examples of FTP encrypted file systems include Progress MOVEit, CrushFTP, Kiteworks, FileZilla, and ShareFile.

This encryption method takes robust technical expertise and ongoing maintenance to run smoothly. And as of late, there are significant concerns with the security of FTP-run solutions as evidenced by recent high-profile zero-day incidents.

There is nothing inherently wrong with FTP - it's a great protocol for moving large files. What's most concerning, is that most FTP (and MFT) solutions require IT to install applications within their perimeter. These applications, as demonstrated by recent breach news can be vulnerable and if not patched can create problems.

3. Managed File Transfer (MFT)

Step 1: Configure Your MFT Platform: Work with your IT team or the MFT provider’s support to configure your MFT software. This involves setting up secure protocols, user permissions, and automated workflows according to your requirements.

Step 2: Integrate MFT Into Your Systems: Many MFT solutions offer integration with existing applications and systems. Properly integrating your MFT platform can streamline operations and ensure seamless, secure file transfers across your organization.

Step 3: Automate and Monitor Transfers: Use the MFT’s features to automate repetitive transfer tasks and monitor all file transfer activity. This helps in maintaining compliance and ensures that all data transfers are secure.

Managed File Transfer (MFT) represents a more holistic approach to secure file sharing. MFT solutions provide a comprehensive suite of tools for securely transferring data, managing workflows, automating transfers, and ensuring compliance with data protection regulations. They support multiple data communication protocols, including SFTP, FTPS, and HTTPS, making them versatile for various business needs. Examples of MFT providers include: Progress MOVEit, Kiteworks, GoAnywhere MFT, AWS Transfer Family, and JSCAPE MFT Server.

Managed File Transfer (MFT) solutions are commonly used by organizations to automate repetitive file transfer tasks (think sending daily inventory from a warehouse to HQ). These machine-to-machine workflows are the primary purpose of MFT systems, and they excel at streamlining these processes.

However, problems arise when organizations extend the use of MFT systems to accommodate ad-hoc or user-to-user workflows. As a result, the average end user will need to use what is often a very clunky interface to transfer files. Although the files are encrypted during transfer, they are frequently not encrypted at rest, meaning that once they are in the designated folder, they are just as vulnerable as copies stored on the user's desktop or local file share.

Additionally, users often forget to clean up the files they have uploaded, leaving them in the system for extended periods. If an MFT system has an unpatched vulnerability, all the files stored in these folders become accessible to bad actors, as seen in the recent cases of MOVEit and CrushFTP.

Recommended Reading: Proofpoint Secure Share EOL: Time to Switch to Virtru | Virtru or Kiteworks? 5 Compelling Reasons to Go with Virtru | Progress MOVEit Breaches Expose PHI and PII for Over 80% of Oregon's Population | The Fall of Legacy Systems: Unpacking the CrushFTP Zero-Day Flaw

File Encryption in the Cloud: Native vs. Client-Side

The days of saving sensitive documents solely to your local device are long past - and have been for a while. Cloud services like Google Drive, Dropbox, and OneDrive have blown up - they're convenient, accessible, and make collaboration a breeze for people wherever, whenever.

Regardless of the convenience, sensitive data stored in a cloud needs to be safeguarded. At a high level, there are two primary methods people rely on to secure data in the cloud.

Native File Encryption

Most reputable cloud providers like Google or Microsoft have built-in security measures, like encrypting your data while in transit and at rest. That's great, but here's the catch: the cloud provider usually holds the keys to that encryption. In other words, cloud providers could have unfettered access to your data if the government requests it, or if the cloud provider is hacked.

This isn’t just a hypothetical scenario. Data stored in a public cloud is at the mercy of the cloud provider you choose, whether they’re subject to a blind subpoena, or a series of preventable data breaches. Once you send your sensitive files to the cloud, its fate is up in the air. For some, the risk may not be of much concern. But for businesses and government entities with especially stringent regulations on data storage, natively available file encryption won’t cut it.

Client-side Encryption

For an extra layer of control over the files you’re encrypting and uploading to the cloud, Client-Side encryption is the industry standard. Client-Side Encryption (CSE) is a security measure that protects data by encrypting it on the user's device before it is sent to be stored on remote servers or cloud storage services. This approach ensures that the data remains secure from the moment it leaves the user's device until it’s safely stored elsewhere.

When using CSE, the encryption process can be handled entirely by the user's device, and the encryption keys are kept under the user's control. This means that even the service providers or other third parties who store the encrypted data do not have access to the keys necessary to decrypt and view the information.

By keeping the encryption keys in the hands of the user, CSE adds an extra layer of protection and privacy. Even if unauthorized individuals gain access to the encrypted data stored on remote servers, they would be unable to decipher the content without the encryption keys held by the user.

CSE is particularly beneficial for individuals and organizations that want to reap the benefits of cloud storage while maintaining a high level of control over the confidentiality of their data - specifically those trying to meet regulations like. It provides assurance that sensitive information remains protected, regardless of where it is stored or who is responsible for managing the storage infrastructure.

That being said, not all CSE is created equal: It can be implemented in a variety of ways. Take, for example, Virtru's client-side encryption for Gmail. That tool provides client-side encryption for emails and file attachments sent through Gmail, as well as advanced security controls like setting an expiration date, adding a watermark, and so on. However, there's another way to achieve client-side encryption for email and file encryption in Gmail, and that's with Google S/MIME for Gmail. S/MIME is a totally different method of implementing CSE, with different controls and a different level of overhead. Both paths achieve client-side encryption for Gmail emails and attachments, but the user experience and admin responsibility can look very different. It's important to evaluate client-side file encryption tools with these requirements in mind.  

Choosing File Encryption and Secure File-Sharing Software

Picking the right secure file-sharing solution, like Virtru’s Secure Share, isn't just about ticking boxes for encryption. It's about finding a partner that aligns with your business and security needs. Here's what to keep in mind:

Make Secure Sharing a Breeze

Let’s be honest, no one wants to wrestle with complicated software. When looking for a secure file-sharing provider, think about the overall experience for everyone in the mix — your team, the IT squad, and those external partners peeking into your shared files. A smooth, user-friendly secure share solution means people actually use it, keeping headaches for your IT folks to a minimum.

Nail Down Key Management for Peace of Mind

If your organization plays in the big leagues of data security (FedRAMP, SOC2, ITAR, CMMC, DFARS, and more), you may want (or need) to have control over the keys to your data. Explore if your encrypted file-sharing provider has key management options to suit your needs, whether on-prem or in the cloud.

Secure Files Flowing through Zendesk, Confluence, and Drive

You don’t need to choose between security and convenience. Virtru Secure Share can integrate with tools your team uses every day - meeting you where you already work. With simple integrations into Zendesk, Confluence, and Google Drive, you can securely share sensitive files without opening up other tabs.

Read Up and Reach Out

Don’t just take our word for it; see what the crowd’s saying. Look at reviews on platforms like G2, Capterra, and Gartner Peer Insights to get the scoop on Virtru’s Secure Share. A solution that’s earning high fives from its users and snagging awards is a green flag. And don’t skip over those customer success stories — they’re gold mines for seeing how Virtru’s Secure Share stands up in the wild.

Securing All of Your Unstructured Data - Emails, Files, SaaS apps, and more

Choosing Virtru means looking for something easy to use, keeps your compliance in check, and can handle more than just encrypted file-sharing.

Encrypted File Sharing for Compliance

HIPAA: Healthcare

The Health Insurance Portability and Accountability Act (HIPAA) requires covered entities and their business associates to implement appropriate safeguards to protect electronic protected health information (ePHI). The HIPAA Security Rule specifically calls for encryption of ePHI both at rest and in transit, making encrypted file sharing a crucial aspect of HIPAA compliance.

Recommended Reading: What is ePHI? | How a Healthcare Startup Built a Security Forward Culture

FERPA: Education

Educational institutions have a lot on their plate when it comes to protecting sensitive data. The Family Educational Rights and Privacy Act (FERPA) is the main player here, setting the ground rules for safeguarding student records. While FERPA doesn't specifically say "thou shalt encrypt," it does require institutions to put in place solid safeguards to keep student information confidential. Encrypting files at rest and in transit that contain sensitive student data is a smart move for staying on FERPA's good side.

But for some higher education institutions, FERPA is just the tip of the iceberg. Universities that operate like small cities often have to juggle multiple compliance requirements. Take healthcare, for example. If a university runs a medical center or handles patient data, they've got to make sure they're following the Health Insurance Portability and Accountability Act (HIPAA). This means implementing stricter security measures, including securely sharing files.

And for big-league research universities (think R1 institutions), there's even more to consider. When they collaborate with the federal government on highly sensitive research projects, they may need to comply with the Cybersecurity Maturity Model Certification (CMMC). This is especially true for research related to the Department of Defense. Under CMMC, encrypted file sharing becomes a critical tool for protecting controlled unclassified information (CUI).

Recommended Reading: K-12 Data Protection: 10 Practical Tips from School IT Leaders | R1 Universities Meeting CMMC 2.0: Balancing Security and Innovation

CJIS: Law enforcement and legal teams

When it comes to law enforcement agencies and local government entities, handling sensitive information is a critical part of the job. To keep things secure, they need to follow the Criminal Justice Information Services (CJIS) Security Policy set by the FBI. This policy lays out the minimum security requirements for accessing, transmitting, and storing criminal justice information (CJI). One of the key aspects of the policy is the requirement to encrypt CJI both at rest and in transit.

Law enforcement agencies and local government entities may also need to comply with other regulations and standards, such as the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Special Publication 800-53. These regulations and standards call for the implementation of appropriate security controls – and encryption is central to that.

Recommended Reading: CJIS Compliance and Data Encryption — Here’s What You Need to Know 

NIST & CMMC 2.0: Government

When it comes to handling sensitive information in the defense sector, government agencies and contractors have to play by a stricter set of rules. The Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Special Publication 800-53 lay out the security controls that need to be in place, and encryption is a key player in this game. Encrypting files containing sensitive government data is a must for staying compliant and keeping information locked down tight.

The Cybersecurity Maturity Model Certification (CMMC) is a relatively new kid on the block, but it's quickly becoming a critical framework for cybersecurity in the defense industrial base. Under CMMC, contractors have to implement specific security controls based on the sensitivity of the information they handle. At higher CMMC levels, encryption is non-negotiable for protecting controlled unclassified information (CUI) and federal contract information (FCI). So, for defense contractors looking to score lucrative government contracts, encrypted file sharing is a must-have tool in their cybersecurity arsenal. It's not just about checking boxes; it's about proving they can be trusted with some of the nation's most sensitive data.

Recommended Reading: CMMC 2.0 Quick-Start Guide for Defense Contractors | ITAR and CMMC 2.0 Compliance, Without the GCC High Price Tag | Data Is the New Perimeter: Insights from NIST and Virtru on CyberWire

Finance

The Gramm-Leach-Bliley Act (GLBA) and the Federal Trade Commission's (FTC) Safeguards Rule set the standard, requiring financial institutions to safeguard the confidentiality and security of customer information. While these regulations don't explicitly mandate encryption, they do require appropriate security measures to be in place. Encrypting files containing sensitive customer data is a smart way to meet these requirements and keep that data secure.

Financial institutions handling credit card transactions also have to contend with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is clear on the encryption front: cardholder data must be encrypted both at rest and in transit. This means that encrypted file sharing is a must for staying compliant and protecting card numbers - even in internal communications where file sharing might be needed.

The Financial Industry Regulatory Authority (FINRA) also has its own set of rules designed to protect investors and maintain market integrity. FINRA expects firms to have robust cybersecurity measures in place, including encrypting files containing confidential client information.

Recommended Reading: Why a Global Banking Giant Chose Virtru for Easy-to-Use Email Encryption and Compliance

File Encryption & Secure File-Sharing: Net Positives for your Organization

When it comes to protecting your sensitive files, there's no room for compromise. Whether you're sharing personal records, business strategies, or classified government information, you need a file encryption system that's easy to use, reliable, and compliant with industry standards. With so many options out there, it can be tough to choose the right one. But by keeping key factors in mind - like user experience, key management, integration with existing tools, and real-world performance - you can find a solution that fits your unique needs.

If you’re looking for a trusted partner in secure file sharing, Virtru's Secure Share is worth a closer look. Book your demo today.