October 21, 2008A New Encryption Law
FileWorks™ can help companies securely transfer sensitive data
From major corporations to small business operations, Nevada is cracking down on how businesses handle private client information. The state has taken aim at email and other methods of electronic transfer of information with a new law (NRS597.970
), effective October 1, 2008, that regulates the way businesses handle consumers' personal and financial information. It prohibits transferring a customer's personal information outside the secure system of a business unless that transmission is secured by encryption.
Under the statute, personal information is defined as
and at least one of the following:
- social security number,
- driver's license number,
- ID card number, or
- account, credit card or debit card number when combined with security code or password information that would allow access to the person's financial account.
The new legislation centers on the vulnerability of email, which has become a primary communication tool for many businesses. Email is typically sent in plain text over the Internet where it is susceptible to interception. While email encryption is becoming available, companies often overlook another less obvious risk: the long life of an email.
Months and even years after an email is sent, it can still reside in email inboxes and files. Email can easily be forwarded on, ending up in an email chain that can live in the virtual world forever—leaving the company with no workable way to track the email or attached documents.
Exposure Risks with Faxing
While the law does not apply to faxing, there are exposure risks with faxing, as well. Documents sitting in the inbox tray are vulnerable. Misdialed fax transmissions can land a considerable amount of private information in the wrong person's hands. When a fax goes astray, it is difficult to track the fax number to the proper owner and almost impossible to retrieve the information once it has been sent.
A Secure Solution: The Virtual File Cabinet
A virtual file cabinet is a quick, easy and economical solution for securing private customer information—and complying with the new law. A virtual file cabinet encrypts documents while storing them in a secure location, while providing a secure, trackable method for accessing the information. Additionally, a virtual file cabinet gives a company:
- the flexibility to grant anyone inside or outside the company access to specific folders
- the convenience of securely accessing documents from almost any computer with an Internet connection
- the simplicity of an easy-to-use interface with features, such as email links that point to, but do not contain, the sensitive information
- the security of requiring recipients to log in to review the information
- the accountability that comes with an audit trail showing who has accessed a document
- the protection of comprehensive security features
- the peace of mind of knowing that the encrypted files are replicated to an offsite storage location
Using a virtual file cabinet further secures files by keeping them in a central location instead of on computers and laptops—another security vulnerability. Data from a 2006 Ponemon Institute study indicates that 45% of data breaches are the result of lost or stolen laptops. With a virtual file cabinet, the information is not stored on an individual computer, but can be accessed with an Internet connection on almost any computer.
When selecting a virtual file cabinet, security is important. Look for:
- security certification from an outside source, such as the Intel Certified seal
- transmission encryption certification, such as VeriSign or Network Solutions
- anti-spoofing certification, such as VeriSign or Network Solutions
- real-time offsite replication of files to back up the primary servers
- compliance with technology standards for HIPAA and SOX regulations
- encryption of all files while stored in the virtual file cabinet
- company integrity and expertise, including the number of years the company has been in business and the other products they offer that deal with sensitive data
In these uncertain financial times, a virtual file cabinet can save a company thousands of dollars on primary and backup servers and IT staffing. Implementing a virtual file cabinet limits a company's exposure to data breaches that can result in lawsuits and fines, and can help prove due diligence in information handling. A virtual file cabinet is software-as-a-service; there is no initial investment or setup fee and most companies offer a month-by-month payment option. A basic virtual file cabinet can cost less each day than a cup of coffee.
Setting up a virtual file cabinet is quick and easy. Most companies also offer a few weeks to try the product at no charge. Simply put, a virtual file cabinet is a powerful—and affordable—answer to business security concerns in the digital age.
Alan Shaw is CEO of FileWorks™, Inc., a Nevada-based document management software developer established in 1997 that offers a secure virtual file cabinet, available for free trial. In addition, the company provides image and workflow software for complex document routing and processing.