Sharing Sensitive Documents With a Third Party
You have a document, video or audio file with sensitive information on it and you need to send a copy to a third party. What options should you consider?
Three options come to mind: email, Dropbox or flash drive.
Sending an email is basically the same thing as sending a postcard. While there are efforts one can use to change this, email remains pretty wide open. This is true and scary; anyone who wants to read your email (not just the NSA) can read your email.
Most times you can send sensitive documents through email and nothing will happen. However; you are playing Russian roulette (almost literally, given the recent theft of 1.2 billion email account credentials by a Russian gang) with the security of that transmission. Remember, the topic of this post is about sharing sensitive data with a third party.
The next logical step would encrypting the email (or files) attached in the email. Encryption is a good option and certainly more secure than sending the email without encryption. You could run into a file size limitation though. Most videos will be larger than a 20MB, which is (generally) the maximum file size one could attached in an email. Encryption is a good next step, but there is a bigger issue at hand than file size. More about that in a few.
Dropbox is next on our list of most obvious options to share sensitive data with a third party. Dropbox is a great option when you have larger files. With Dropbox you could upload those big audio or video files and provide a download link for your recipient. Dropbox doesn’t encrypt your data by default so there is some exposure there. A quick and relatively safe method to encrypt your files using Windows would be compressing the video into a zip file and assigning it a password. Encrypting the data will provide that extra layer of security. As with an encrypted email, the encrypted Dropbox alternative also has a major flaw.
Ask yourself, “Do you trust the recipient?”
If you cannot answer that question with absolute certainty, then sending sensitive documents to a third party using encryption is not the most secure method. It is important to understand, with encryption the files are secure while in transit from the sender to the recipient, but once the recipient puts in the password to decrypt the file, they can do anything they want with it. When the password decrypts the file, all the security goes away. When dealing with legal matters and sharing sensitive data with third parties, a major criteria will be to insure the file cannot be changed, manipulated or put into the wrong hands. With that in mind, copy protection is the better alternative for sharing sensitive data.
It is important to understand the difference between encryption and copy protection. Both technologies use encryption to protect the file, the big difference is trust of the user for the protected file. With encryption the only security feature is the password. Encryption is great for protecting files when the user is in your circle of trust. Think of your computer back-up files stored on a USB flash drive and that drive is dropped in a parking lot by mistake. Anyone who found the drive could not view the data because the data is encrypted with a password. They could not see your back-up files unless the correct password was entered.
Let us change the scenario just a little.
In this scenario, sensitive files are to be shared with a third party whom you don’t necessarily trust. It is important the files have a password to insure only the intended recipient can view the files and in addition, you need security to make sure the recipient cannot save the files, print the files, stream, share, upload or export the files. By changing the situation to this scenario one can see the value with copy protection is greater than the value of encryption. As with copy protection, the file can only be viewed, nothing else can be done with the file.
The last option from our original list is the USB flash drive.
As with email and Dropbox, one could encrypt the files and place them on a flash drive and send to the third party. But as we just discussed and highlighted, encryption is not the best solution for this situation. A Copy Secure flash drive which provides USB copy protection is the best alternative for this situation. The Copy Secure flash drive is manufactured by Nexcopy and carries a variety of features specifically designed for sharing files with “not so trusted” recipients.
The Copy Secure flash drive is write protected after the data is put on the drive. This means the flash drive is read-only. It is impossible to format the drive, delete the files on the drive or manipulate the files on the drive. The write protection feature is done at the hardware controller level, it is not a software solution, which means the most secure method for locking the device. The files on the drive are encrypted. A viewer application runs from the flash drive for either a Windows computer or Mac computer which displays the files. The viewer application is very secure and blocks the ability to save the file, print the file, screen capture, stream or export the files.
The Copy Secure drive comes with additional value add features as well which are focused on digital rights management of the files. The user has the capability to assign a password, or not, to the files. The user can establish an expiration date which will restrict the user for accessing the files after the established date is reached. By default the files loaded to a Copy Secure drive are copy protected; however, the user has the capability to allow printing or saving of files they deem as necessary.
On a closing note, some users might not have the ability to provide proof of delivery of the sensitive files when using email or Dropbox. With a USB drive, you can send it certified mail or through a registered FedEx or UPS label to insure proof of performance on delivery of sensitive data. As mentioned before, the data on the Copy Secure drive is read-only, so the recipient cannot accidentally delete or format the files of the USB stick. Yet, when using email or Dropbox the recipient could delete the files and claim they never received them.
There is a difference between encryption and copy protection and this article was designed to differentiate the two definitions.
Source: Nexcopy Inc. under USB Copy Protection