Managed File Transfer: A New Cybersecurity Strategy for Sensitive Files

Earlier this month, independent news platform Patch reported that Neiman Marcus, a department store chain in the US, has finally agreed to a settlement for their 2014 data breach. They’ll need to “pay $1.5 million and adopt measures to prevent hacks,” measures that include the encryption of card data, the use of “industry-accepted payment security technologies,” and the auditing and reporting of activity.

The original breach compromised over a quarter million of customers’ credit or debit cards.

While the Neiman Marcus data breach happened years ago, their failure to keep data safe from hackers and malware has harmed users perpetually (almost 10,000 cards were used after being stolen). And while data breach fines are often monetary, the request that Neiman Marcus fix the problems that led to their breach shows a valuable shift in breach prevention: it’s no longer enough to pay the fines. Poor cybersecurity strategies must also be improved to safeguard sensitive files in transit and at rest.

Why File Encryption for Sensitive Data Matters

Modern cyber incidents prove, again and again, that cybersecurity strategies and policies in industries like retail, healthcare, and even the public sector are not making progress fast enough. The threats and pitfalls organizations faced in the early 2010s are the same issues we’re facing in 2019: issues like malware, unencrypted data, spear phishing scams, and weak passwords.

Forbes reports that companies expect to “spend $93 billion” collectively on information security this year. “They keep pouring tons of money into protecting the network,” the author states, but “the real crown jewels … are in the data that sits behind the network walls. That data is often not protected.” That means there’s an increased interest in good cybersecurity practices, but organizations aren’t spreading that interest equally between their internal and external networks.

It’s not enough to lock the door. An organization’s crown jewels should also be kept in a vault. This ensures that even if someone gets inside, they won’t be able to heist their actual target.

In this case, the jewels are valuable customer information. The vault is encryption. And the security guard that puts the jewels in the vault is a type of cybersecurity solution called managed file transfer.

An Overview of Managed File Transfer Software

For a strategy that protects sensitive data and file transfers both in transit and at rest, we recommend using managed file transfer (MFT). MFT solutions already have a base foundation that, at minimum, keeps data secure and compliant with data security standards across the US and Europe. These standards include HIPAA, HITECH, PCI DSS, SOX, and the GDPR.

What is managed file transfer?

At its core, MFT is a type of solution organizations can use to meet their inbound and outbound file transfer needs. It uses industry-standard file transfer protocols (like SFTP, FTPS, and AS2) to send files securely in transit and uses encryption standards (like OpenPGP and AES) to protect data in transit and at rest.

What does “managed” mean?

The “managed” in managed file transfer refers to how the software automates and streamlines the exchange of data for you, thus reducing manual processes and eliminating the need for any legacy tools and scripts you might have. Data (including documents, images, videos, and other files) can also be exchanged via MFT across your private networks, systems, applications, partners, and cloud environments from a single point of administration.

To learn more about MFT and how it differs from other file sharing tools, read this article.

MFT: The Perfect Solution for Your Cybersecurity Strategy

MFT software isn’t just for sending files between users and systems. It comes with many features and modules that can be used to automate processes, ensure secure connections, track file transfer activity, and more.

Here are a few key features available in most MFT solutions that can help you avoid a successful data breach:

File Encryption

Unfortunately, most organizations suffer a data breach because their internal files and data are not encrypted. The recent Marriott breach, for example, exposed over 5 million unencrypted passport numbers. Other breaches happen because of how files are shared. An email that contains an unencrypted file, for example, could cause a breach.

MFT solutions use integrated encryption technologies like OpenPGP, SSL, SSH, and AES to secure sensitive data. Most also include a key manager that allows you to create, import, export, and manage your keys and certificates within the product.

File Transfer Automation

User errors and manual processes can also cause data breaches. By automating the encryption and exchange of sensitive files, processes and workflows will run without user intervention. This is especially useful when dealing with a high volume of file transfers. With automation, files will get where they need to go (whether its trading partners, remote locations, or even the cloud), and every file will be encrypted out of the gate.

Auditing & Reporting

Managed file transfer solutions support auditing and reporting for compliance needs. All file transfer and administrator activity is stored and easily searchable. For organizations that need to report on file transfer activity to remain compliant with regulations and laws, the audit logs can be generated and distributed as PDF reports. This can be scheduled on whatever basis is required by your company’s leadership or business partners.

These managed file transfer features can help you protect your files—and there are many more to learn about. For further information on using MFT as a cybersecurity strategy for data breach prevention, check out our guide: Developing the Right Strategy for Data Encryption.

So, How Should You Get Started?

There are five steps we recommend taking to get started on incorporating managed file transfer into your cybersecurity strategy:

1. Complete an audit of your current cybersecurity practices. Make note of which areas are putting you at risk, which areas are good, and which areas could use some improvement.
2. Review your data breach and incident response plan. If you don’t have one yet, now is the perfect time to create one.
3. Once you’ve looked at your incident response plan, read our Secure Managed File Transfer Buyer’s Guide for everything you need to know about finding, evaluating, and purchasing an MFT solution. An MFT solution will be part of your data breach prevention plan.
4. Download a free MFT trial and see how it works in your organization. The benefits are almost immediate, from file transfer automation to solid data encryption.
5. Build better connections between your network and web/cloud applications. If you decide to add MFT to your cybersecurity strategy, several solutions, including GoAnywhere MFT, offer built-in cloud integrations with applications like Dropbox, SharePoint, and JIRA.

A data breach isn’t written in stone for your organization. Don’t become the next statistic. Make 2019 the year you add managed file transfer to your cybersecurity strategies!

Share it