Most recent

Securely Sharing Data with Business Partners and Agencies

By Eitan Bremler

Do you store your financial records at an accounting firm? Do you store blueprints with a patent lawyer? Maybe you're a startup being funded by a venture capitalist—or your company is involved with mergers and acquisitions. The list goes on and on, but the point we're making is that there are a lot of reasons why your company might be sharing data with other businesses—but are you securely sharing those extremely sensitive information?

What's Out There, and Who's Listening?

Let's just pick one example to start with: Law firms.

Since 2009, as per a warning letter sent out by the FBI, law firms have been increasingly under attack by cyber-criminals. Even worse, hackers are specifically targeting the communications between law firms and their clients. This was the case in late March of this year, when over 50 top-tier law firms admitted to being the target of an underworld broker in Ukraine. This individual, known only as "Oleras," was attempting to hire hackers in order to eavesdrop on law firms who specifically handled mergers and acquisitions. Using this information, he would have been able to place insider bets on various stock exchanges, and potentially make millions.

Law firms are notoriously secretive about information security leaks, so we don't know how the attackers attempted to breach these particular firms, or whether they actually intercepted any information. What we do know is that where there's smoke, there's fire—if there's someone trying to listen to the communications of over fifty law firms, someone is probably trying to listen to you.


Insecure Communications Come With Consequences

Depending on what your business is, B2B data leakage comes with some serious repercussions, even if no data is technically lost. Under HIPAA (or other compliance regimes), an organization can send an email containing ePHI and have it be successfully received and read by its intended recipient—but if it is not securely shared without the right level of encryption, it still counts as a data breach.

This exact scenario occurred this year when BJC Healthcare, a nonprofit healthcare organization, emailed 2,393 ePHI records to a sister company in March. Since those records weren't completely secured via encryption, this amounted to a data breach under HIPAA. Let's do a quick assessment of how this will affect them financially:

As part of its comeuppance, the organization is offering a year of free credit monitoring to all affected individuals. A year of free credit monitoring costs about $60. If every person who was breached takes BJC up on this offer, it will cost them $28,716.00—and that's before any HIPAA fines are assessed. These fines take into account whether the breach could have been avoided, and if adequate measures were taken to prevent it. BJC sounds like they committed a Category 3 breach: they neglected to follow the encryption rule, and they should have known about it. In that case, the maximum fine they could be subject to is $50,000.

To recap, that's potentially a nearly $80,000 penalty, just for sending a single email that probably wasn't intercepted.

How to Avoid a Data Breach in Business Communications

Automatically applied encryption ensures that no one can absentmindedly commit a data breach. Automatically blocking emails that aren't addressed to known good recipients means that only those people you want to see your emails will read them. The ability to revoke access to emails after they've been sent means that even if an unauthorized party receives data from you, they won't be able to keep it. These abilities can be provided by the secure email component of Safe-T Box.

If you're really serious about security, however, why not cut out email altogether? Safe-T Box can turn any kind of storage medium—local folders, network drives, databases, and more—into a secure digital vault. With hefty 256-bit encryption automatically applied to every uploaded file, your most sensitive documents and data will be secure from bad actors, and allow for safe and secure data transfer between your business partners. Lastly, our secure MFT (managed file transfer) solution allows organizations to move these files from any kind of storage application to any other, without modifying their code, and without opening ports in their firewall.  You can try a free Safe-T Box demo right now—and if you're about to send secure business data, you probably should.

<< Watch the OnDemand Webinar: Unifying Your Data Exchange >>


All posts