Protecting the data used in business operations is an essential requirement for an organization’s confidential information.
Malicious users can intercept or monitor plain text data transmitted over a network or via removable media and unencrypted mobile devices.
Thus they gain unauthorized access, compromising the confidentiality of data considered sensitive and strategic. This is why secure data transmission is so important.
Encryption as a security solution
Protection in these cases relies on cryptographic algorithms that restrict access to the data to those who hold the appropriate encryption resource and its corresponding decryption.
In addition, some modern cryptographic tools also allow for condensation or compression of messages, saving transmission and storage space.
We have combined the need to protect data transmissions with the technological resources that already exist, and selected 10 recommendations that are considered vital to success in the whole process of sending and receiving data.
Malicious users can compromise the confidentiality of information during a data transmission
Data considered sensitive or restricted with regard to data protection must be encrypted when transmitted over any network. This must be done in order to protect against interception of network traffic by unauthorized users. Attacks of this type are also known as man-in-the-middle attacks.
In cases where the source and destination devices are within the same protected subnet, the data transmission must still be protected with encryption, due to the potential high negative impact of a data breach and theft. In addition, employees tend to have less concern when they are within a “controlled” environment, believing themselves to be safe from attack.
The types of transmission can include client-to-server communication, as well as server-to-server communication. This can include data transfer between main systems, between third party systems, or P2P transmission within an organization.
Additionally, when used to store restricted data, removable media and mobile devices should also use encryption of sensitive data appropriately, following security recommendations. Mobile devices include laptops, tablets, wearable technology, and smartphones.
Emails are not considered secure, and by default should not be used to transmit sensitive data unless additional data encryption tools from these services are used.
When trying to protect data in transit, the security professional should consider the following recommendations for designing secure information transmission:
- Where the device (whether client or server) is accessible via a web interface, traffic must be transmitted over Secure Sockets Layer (SSL), using only strong security protocols and transport layer security;
- Data transmitted by email should be protected using email encryption tools with strong encryption, such as S/MIME. Alternatively, before sending an email, users should encrypt data using compatible file data encryption tools and attach it to the email for transmission;
- Data traffic not covered by the web browser should be encrypted via application-level encryption;
- If an application database is outside the application server, all connections between the database and the application must also use encryption with cryptographic algorithms compliant with recommended security and data protection standards;
- When application-level encryption is not available for data traffic not covered by the Web, implement network-level encryption, such as IPsec or SSL encapsulation;
- Encryption must be applied when transmitting data between devices on protected subnets with strong firewall controls;
- Develop and test an appropriate data recovery plan;
- Follow the recommended requirements for creating strong passwords, which should be defined in the organization’s security policy. Also, adopt a management tool to store the access data and recovery keys;
- After the data is copied to a removable media or mobile device, verify that it works by following the instructions for reading data using encryption. Also take the opportunity to include in your recovery and contingency plan tests of opening backups that have been encrypted;
- When unattended, removable media (or mobile devices) should be stored in a secure location with access limited to the users who need it. Also keep track of the keys that were used to encrypt the backup.
Support and internal policies are also very important
The last recommendation is to have proper supporting documentation for this entire data transmission process. Security policies and processes need to be validated through frequent testing that can guarantee the efficiency of all procedures to be carried out.
Finally, don’t forget to create an awareness policy made for the company’s employees. Adopt training and campaigns that demonstrate the importance of following the organization’s security and data protection policies and processes.
Data encryption tools to support secure transmission
End-to-end encryption is usually performed by the end user within an organization. The data is encrypted at the beginning of the communications channel, or earlier via removable media and mobile devices. In this way the data remains encrypted until it is decrypted at the remote end.
To assist this process, the use of encryption tools provides the necessary support for secure data transmission.
There are several tools for encrypting data, but it is important to pay special attention to key management. If you get careless and lose the key, you will lose the content that was encrypted as well.
Therefore, we always recommend the correct use of equipment and platforms that manage the key, its life cycle, and access control. After all, as usage becomes more comprehensive, management can get complicated using only Excel spreadsheets.
The Challenge of Data Traffic
One of the main goals throughout history has been to move messages through various types of channels and media. The intention has always been to prevent the content of the message from being revealed, even if the message itself was intercepted in transit.
Whether the message is sent manually, over a voice network, or over the Internet, modern encryption provides secure and confidential methods for transmitting data. It also allows the integrity of the message to be checked, so that any changes in the message itself can be detected.
In short, the adoption of encryption should be a priority for all companies, regardless of their industry or size. Today, data protection has become critical to the success of any business and therefore cannot be ignored by any organization.
Finally, read more about data protection and privacy in our blog and learn how to apply encryption technology effectively in your company by contacting EVAL’s experts. We are happy to answer your questions and help you define the best ways to protect your organization against data leakage and theft.
EVAL has been developing projects in the financial, health, education and industry segments for more than 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature, and Data Protection solutions. We are currently present in the main Brazilian banks, healthcare institutions, schools and universities, as well as different industries.
With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increased operational efficiency for companies, and cost reduction.