File Transfer: Debunking 3 Myths

It’s almost a regular topic on the news: organizations that lose a USB flash drive. How does this happen? Recently, a well-willing member of the GGD (Dutch Municipal Health Service) recently sent a USB flash drive with detailed information about a specific family via the post. Upon receipt of the package, it turned out there was a hole in the envelope and the USB flash drive was missing. That’s unpleasant for the GGD. They had to report the data leak to the Dutch Data Privacy Authority and now risk a penalty. It’s also unpleasant for the employee who will visit the concerned family with a bouquet of flowers to make amends. Ultimately, the data leak is the most unpleasant for the family, of course. That’s because once sensitive information is on the street, it cannot be retrieved again that easily. Whether and in what way will it harm you? Who can tell?

Why do these kinds of items continue to come up on the news? Why do organizations share files unsecured? Do they not know better, or are they sincerely assuming that this is the safest way? We debunked 3 myths about file transfer.

Myth 1: Using an encrypted USB flash drive is safe

Since the inception of the GDPR in May 2018, organizations are obliged to report severe data leaks quickly and in detail. The default example of a severe data leak is a lost USB flash drive. Anyone who receives the USB flash drive has access to the data. Now, this can be frustrating when the drive contains holiday pictures, but that's not the end of the world. If this USB flash drive contains sensitive information about tenants, patients, or citizens, that’s when you’ve got a real problem. But encryption, that helps right? Not 100%. Anyone who has access to the USB flash drive has access to the encrypted data. There is no way to determine whether unauthorized persons have accessed and copied the data to their own disk to crack the encryption, for example. The encrypting method makes it a little or even much harder to gain access to the data, but it does not make it impossible. Encryption alone is not enough. Access restriction and logging are indispensable for optimal security, and that’s a little difficult with a USB flash drive.

Myth 2: My sensitive data remains secret when I use free file transfer.

Well, we live in 2019. A USB flash drive is considered old-fashioned by many. The Internet offers excellent services such as 4shared, which also make it possible to securely transfer (large) files from A to B, doesn’t it? You are right, it does. However, the question then becomes whether free online file transfer services are safer or better than the USB stick. For several reasons:

  1. Commercial purposes: The reason these services are predominantly free is that you pay in a different way: with your privacy, or by viewing advertisements tailored to internet behavior by these services or third parties by using so-called cookies. This does not happen with a USB flash drive.
  2. Big brother might be watching: Is the data stored in America? If so, the files are subject to the US legal system. This means that, under the guise of the Patriot Act and the fight against terrorism, the authorities are allowed to see all files. This also applies to services such as WhatsApp or Dropbox. Here too, the question applies: would you prefer a USB flash drive?
  3. No protection against human error: More than 50% of the data leaks are caused by human error, such as addressing to a wrong recipient or attaching the wrong file. Existing services do not provide protection against this type of data leak. In fact, for most services, anyone who has access to the mail with the download link, has direct access to all files. The protection against unauthorized access is similar to that of a USB flash drive, because encryption or repairing the error is impossible. Access really means access.

Myth 3: Sharing sensitive data securely is difficult and costly.

The main reason for the use of USB flash drives and free online service is the ease of use. USB flash drives are always available and a service such as WeTransfer or Dropbox is easy to use. And when something is easy, we all are happy to use it. This implies that most professionals assume that safer solutions are too complex by definition. This may have been true in the past, but this myth now also has been debunked. With ZIVVER, you can safely send large files (up to 5TB!) from Outlook. No more workaround needed, and still safe. Don’t you use Outlook? Then use the Web App or the mobile app. Within a minute, you will be 'up and running'. And the best thing is: recipients don't need an account or app. It's that simple. 

What makes ZIVVER safe? 

  • ZIVVER stores the data encrypted. We cannot watch the content of the messages sent or received. Private really is private. 
  • Because all our ISO27001 certified data centers are within the EEA and not in America. 
  • Because we not only encrypt messages and files but also perform an extra check to make sure it really is the intended recipient requesting access. Only the person or people you want to give access will get it. 
  • Because we also check whether you are sending the correct file to the correct recipient. This is how we protect you from an error before you make it. That means no penalty and no need to make amends with a bouquet. 
  • Because we contractually agree with you that we do not use any of your data for other purposes, that we do not transmit data to third parties, and that we also do not work with third-party commercial cookies. No advertising, either targeted or unfocused. 

Convinced? Don't throw your old USB flash drive out just like that! Erase them with special software, or have them destroyed by a specialized company. Are you cancelling your use of an online service? If so, follow their instructions to remove as much of your information as possible.  European legislation really supports you and your rights when it comes to personal data. Do not hesitate to use this.

ZIVVER has put together a detailed information page regarding secure email and file sharing. Click on the button below to be redirected to it.

Go to secure email & file sharing page

RELATED
Sales_Channel_UK_Email_Security_DPA

ZIVVER set to expand its sales channel for email security in the UK

Fresh off a media tour to support the recent launch of ZIVVER’s secure email and file transfer solutions in the United Kingdom, ZIVVER is poised to announce new channel partners shortly. These partners will help support the company’s aggressive growth strategy in 2020 and beyond. […]

Read more
FromAtoZivver

Cybersecurity Awareness Month: Email and File Transfer Security

When people think about email security, they typically associate it with widely reported hacking incidents, often nefarious in nature. These breaches tend to be higher in profile for a multitude of reasons, but actually account for a lower percentage of data breaches overall. For many organizations, the biggest threat to protecting privacy-sensitive data simply comes […]

Read more
How_does_the_Data_Protection_Act_2018_DPA 2018_supplement_the_GDPR_in_he_UK_ZIVVER_EN_blog

How does the Data Protection Act 2018 supplement the GDPR in the UK?

Overview:  Makes the previous data protection laws fit for the digital age when an increasing amount of data is now being processed. Empowers individuals to take control of their own data. Supports Organisations and UK businesses with this change. Ensures the UK is ready for the future after BREXIT. DCMS Secretary of State, Matt Hancock stated: "The Data Protection Act […]

Read more
Introducing-open-conversation-starters-A powerful-new-feature-live on ZIVVERs-platform-blog-eng

Introducing open conversation starters! A powerful new feature from ZIVVER.

One of ZIVVER's most convenient and unique features is the conversation starter. It allows people who don't have an account (guest users) to take the initiative for a conversation with a ZIVVER user, in the same secure email environment. It protects both senders and recipients from possible data leaks caused by guest users. […]

Read more
Sending_or_receiving_credit_card_data_via_email_while staying_PCI_compliant

Sending or receiving credit card data via email while staying PCI compliant

To prevent cardholders’ information from falling into the wrong hands, the Payment Card Industry Data Security Standard (PCI DSS) was established to hold organizations to a common standard for securing cardholder information against unauthorized exposure and exploitation. […]

Read more