tadamichi - Fotolia
What's the best solution for a company that wants to securely receive documents from other business partners electronically? The company in question frequently receives documents containing financial information from other external entities, and would like to ensure the documents being received are securely transmitted.
The ideal solution for secure email exchange would be to get all parties to agree on a proven email encryption tool, such as those offered by PGP Corp., Trend Micro Inc. or Entrust Inc. Using encryption, the company and its external business partners would be able to exchange emails and attachments without fear of an outsider being able to read them. An encrypted email is automatically "signed" by the sender's private key, so recipients have a built-in method of ensuring the sender really is who they seem to be.
If email encryption is not feasible, adequate security may be achieved by using a tool such as WinZip or WinRAR to compress and encrypt the sensitive material. The zip file can then be sent as an email attachment. You would, however, need each recipient to agree to one-time (single-use) passwords to encrypt and decrypt the file to ensure each transmission was properly secure. For maximum protection, the passwords would have to be exchanged via another medium, such as the telephone.
If the files are too large to be sent as an email attachment, you can always use a third-party file exchange service such as YouSendIt, but be sure to encrypt the data using one of the tools mentioned above before sending it.
If you need to exchange a large number of files with each recipient on a regular basis, you will probably find emailing files one by one far too onerous. In this situation you may want to consider using a secure FTP server or even a site-to-site VPN connection. So long as you set up each business partner's access correctly, this can provide a convenient drop-box style method for exchanging hundreds or thousands of files without exposing them to a third party.
Related Q&A from Peter Wood
In this expert response, Peter Wood outlines some alternatives to NAC systems, and explains why, sometimes, NAC systems really are the best choice. Continue Reading
In this expert response, Peter Wood explains the difference between database activity monitoring systems and security information and event ... Continue Reading
There are a few different ways to approach mobile encryption. In this expert response, Peter Wood discusses the pros and cons of different mobile ... Continue Reading