What is HIPAA? The Health Insurance Portability and Accountability Act, often referred to by its acronym HIPAA, is a federal law regulating the United States healthcare system. The primary purpose is to protect the privacy and security of individuals’ health and medical information, namely Protected Health Information (PHI), and give certain inherent rights to that information.
Over the last few weeks, we have focused on authentication, progressing through an overview of Multi-Factor Authentication (MFA) and the most used type of MFA, the one-time password (OTP); today we will review some of the most common delivery methods for OTPs. Regardless of which OTP authentication method you use, choosing an OTP generator like an authenticator app or key fob is a safer way to use MFA/OTP than, say, SMS texting. Cyber criminals have found ways to intercept SMS codes, whether through SIM card fraud, by accessing an iCloud or Google account tied to your messaging, or by sending you an infected link that allows them to take control of your phone remotely and view your messages directly on your device. While SMS-based MFA might be better than no MFA at all, it is a lot less secure than using a hardware/physical key code generator like a key fob (which we reviewed in our last blog) or having an authenticator app on your mobile device.
Are you trying to select a new file sharing solution, but you have a few questions first? Explore these common questions about file sharing solutions and find out their answers.
The evolution of multi-factor authentication (MFA) is like the progression from the rotary phone, to the first mobile phones, and then to the smartphones we use today. The ever-changing landscape of threats and best practices has led to constant innovation in authentication. The MFA we have today is vastly different from that of the ’90s when the earliest form of two-factor authentication (2FA) was invented and patented by AT&T. 2FA is just as the name implies: in addition to a password, an additional factor of authentication must be used to ensure the user's identity. This is especially true when it comes to your personal information (PII) or your organization’s proprietary information (PI). As we all know, a password is only as strong as the person using it, and to remember a password a user may tend to make it something easy like password123! or write it down and stick it to the back of their keyboard. This makes the idea of adding a second form of authentication very appealing, as it could drastically decrease the risks associated with weak password policies and poor security practices. In fact, this has been proven to be highly effective at stopping cyber attacks using username and password combinations.
In the IT industry there are many terms used when discussing the topic of authentication. Some of those often used are multi-factor authentication (MFA), two-factor authentication (2FA), time-based one-time password (TOTP), one-time password (OTP) and more. It is important to understand that there are dependencies and differences amongst these terms. For example, two-factor authentication (2FA) is a subset of multi-factor authentication (MFA) because it requires more than 1 form of authentication, i.e. 2FA is under the MFA umbrella. Additionally, there are multiple types of 2FA/MFA such as one-time password (OTP). Lastly, there are variations of OTP methods like TOTP, HOTP, etc. Therefore, all of the above would be considered multi-factor authentication. Your authentication method(s) can thwart would-be attackers. It seems like all too often we hear about a different company falling victim to a cyberattack (some of which are massive enterprise corporations/conglomerates). In this blog we take a look at the various methods of authentication available to protect your business.
Over the last month we have written several pieces of content reviewing the differences in the infrastructure, software, and categories of file sharing/file transfer solutions. This blog will be the last installment of this series. In this blog we deep dive into some of the largest security breaches in the file transfer/file sharing industry, the consequences and how to avoid falling victim to a cybersecurity attack. One of the largest growing security threats in business today is data and information security. Protecting your organization's files and other important data from hackers is crucial to business operations. Unfortunately, the damaging effects of a data breach have impacted some of the largest companies in the world like Accellion, AWS, Morgan Stanley, CVS, Wegmans, Microsoft, Facebook, HubSpot and more. On the surface, many of these organizations seemed like they would be impenetrable. The size or nature of your business does not matter. It is more important than ever to protect your information from hackers – specifically enterprise data such as personally identifiable information (PII), personal healthcare information (PHI), payment information, or covered unclassified information (CUI). It is crucial to understand that how this data is sent or shared, stored and received is any organization's biggest threat.
In our last few blog posts, we’ve explored potential options and solutions for file transfer platforms. However, we wanted to specifically emphasize the comparison between MFT (Managed File Transfer)/MFTaaS (Managed File Transfer as a Service) and EFSS (Enterprise File Sync and Share). These are key terms we hear regularly in IT conversations, specifically about data/information or file sharing/transfer. Both MFT and EFSS can be implemented on premise, in the public cloud, private cloud, or hybrid cloud, while MFTaaS is marketed as a SaaS option where your organization is procuring the management and software from a vendor such as FTP Today to remove the additional management load of infrastructure, platform, configuration and monitoring from administrators. Additionally, all these solutions are going to be used for transferring or sharing data/information, files, etc. to/from multiple devices, locations, users, organizations, but EFSS stands in contrast to MFT/MFTaaS. An additional concern is that IT is burdened with the task of deciding whether EFSS or MFT/MFTaaS is the more secure option. This is caused by the rise of external information security regulations and internal increases in security posture requiring more robust cybersecurity defense. There is confusion around the resemblance of these solutions. Can these solutions be used synonymously? When should you use one or the other? Do these solutions do the same thing? We wrote this blog to hopefully clear up some of these questions!
What is File Transfer + File Sharing? File sharing is the practice of sharing or enabling access to digital media, including documents, video files, graphics, etc. Anytime you are moving one or multiple files, documents, etc. from one place to another you are executing a transfer of information! Isn’t this exciting stuff? What is Secure File Transfer + File Sharing? Secure file sharing is the act of sharing information (files, folders, etc.) digitally and securely by protecting this information from unauthorized users, intruders, and other malicious parties. When a business or organization needs to share or transfer confidential information to a specific person or group, it becomes of the utmost importance to ensure you are transferring information and sharing files securely.
Since the beginning of the internet, it’s been necessary for organizations to transfer data from one location to another for processing, to store it for a future purpose, or to share the information with others. The 1’s and 0’s that make up the data today are the same as when the internet first launched in 1984. But what’s changed? The answer (as you intuitively may have guessed) is almost everything else. As Plato said: “necessity is the mother of invention,” and as we began transferring more and more information around the globe and into our homes and offices, we needed larger, faster networks, and increasingly advanced platforms to accomplish this. We curated this high-level overview to provide a full picture of the infrastructure solutions that exist in the market today and the advantages and risks of each.
When the Department of Defense initially announced version 2.0 of its Cybersecurity Maturity Model Certification (CMMC), it was meant to be good news for small and mid-sized businesses and contractors that work with the United States Military. CMMC 1.0 put a heavy burden on these smaller organizations to create systems and manage controls that they simply didn’t have the in-house resources to create and manage. But planning for the CMMC 2.0 model brings to light just how challenging compliance remains for small- and mid-sized organizations. While CMMC version 2.0 has been framed as less of a burden for smaller businesses and contractors, there’s still a lot of work to be done to reach full compliance.
The U.S. Department of Defense (DoD) manages an annual budget that stretches into the hundreds of billions. Much of that money is spent with the 100,000-plus third-party contractors that participate in the nation’s defense industrial base (DIB). The DoD and these contractors must share files and information, and they must do so in a secure manner — for obvious reasons. Today, the DoD offers DoD SAFE as a portal where DIB contractors and members of the U.S. military can share PII-, PHI-, and CUI-related files securely. But is DoD SAFE the best option for your organization? There are DoD SAFE alternatives that are easier to use while providing a level of security that meets DoD expectations for files that fall into these categories. If you’re one of the many defense-related contractors searching for DoD SAFE alternatives, continue reading to learn more about the history of DoD SAFE and your other options for securely sharing files with the U.S. Military.