confidential files Archives

Every time it becomes more common to hear that a company must pay a fine for not complying with data protection regulations in Europe in particular, the GDPR has become one of the major concerns of organizations. It is clear that data should be protected, the question is, what should we protect? And also, why encrypting files is the best way to protect your company?

Frauds, phishing, cyber attacks, data leaks, malware, among others, are terms that are becoming increasingly common; they are attacks to which any company or person is exposed to suffer at any time. To understand the consequences of this type of attack, you have to understand the causes of the problem, the information that the company deals with and how it is handled.

Personal data and privacy

Although it is not the only information that a company should protect, it can be considered the most valuable and at the same time vulnerable data that an organization manages. It is about everything that concerns the identity of a person, whether public or private, and each one decides whether it can be shared or not.

Everything that refers to personal data such as: contact data, physical characteristics, data related to your assets, biometric information, professional training, including ideological information, sexual life or ethnic origin, among others, refers to information that if reach the wrong hands, It could affect their reputation or safety.

It is not only about personal information but also about confidential information of the company that is also susceptible to a security breach and could cause serious financial problems.

What should be done with the information obtained?

It is the responsibility of the company to safeguard the integrity of the people from whom it handles such information. This refers to any type of action taken with these data: the way it is collected, processed, stored, transferred or even destroyed.

Therefore, the procedure should be:

Know the type of information handled.
Classify it according to its value, if it should be public, private and above all, who will have access or not.
Identify which are the possible threats and the possible consequences.
Apply the necessary tools for the protection of information, especially the most confidential one. In this step is where encrypting files is useful.

Encrypting files: Classification and examples of information that must be protected

Some examples of information that must be protected with encryption systems can be:

– Company files: sensitive data for the company such as business secrets, bank documents, including passwords that give access to confidential documents, corporate devices, credit cards, market studies, etc.

In the case of personal files could involve employees, customers or any other person related to the company. Some examples include:

– Employee files: personal data of employees (such as those mentioned above), identification documents, medical reports, etc.

– Client files: Identification documents, payment data, contact data, among others.

In the case of clients, it is important to understand the obligation to protect the data they are offering and should be used only for the purpose they decided. Therefore, if you are requesting a client’s email to subscribe to the company’s newsletter, it should be used only for that and not for other purposes. For example, to promote other products of another company, since this can be sanctioned in many countries.

Why encrypt the files?

Encrypting your files can be one of the best options to protect the sensitive information of a company. Nowadays, the most used and effective method to protect your data is an encryption system, in which you can secure that information is completely protected.

It is important to highlight the level of security offered by an encryption system. It is a much more powerful tool than a password since they only protect access. Encryption protects data directly, making it impossible to see the contents of files.

Encrypting files easily with HushApp

To comply with all data protection regulations that each country requires, it is important to use the appropriate security tools.

That’s why we introduce you the HushApp. It is a safe alternative to other file submission services, since it facilitates the daily protection of company data and helps safeguard your customer’s sensitive information.

How? Implementing high-level encryption methods in a simple and transparent way for the user without affecting the efficiency of business processes. Security, usability and a good user experience are all our priorities.

Using HushApp you will have the opportunity to offer additional value to your customers, protect your own confidential information and allow your work team to perform easily and safely actions.

We invite to try HushApp …

We always think that it will happen to someone else, but finally it happened to you, you are the victim of a cyber attack. You arrived at that moment where your company suffers not only financial damages, but also negative publicity. Rumors begin and social networks are activated as an unauthorized information dissemination center, all while employees frantically nervous about their future work. This is a cyber crisis, how can a reputational crisis caused by a cyberattack be managed?

During any crisis there are three stages: before, during and after. At all times, the important thing is that the company knows how to deal with them. In the particular case of cyber attacks, it would be advisable to do the following.

The before: better to prevent than to regret

In the past it is not just about being careless because you believe that nothing will happen, it is being aware that it has not happened yet, but at any moment it could. Cyber attacks are the priority of the day and consequently the crisis that entails, too. What can you do to prepare your company?

Know what you are exposed to: It is important that you know the risks to which your company is exposed to. To do so, you must determine what the most common attacks are, what hackers are looking for, and what damages they could cause. If you have clear answers to the following questions, it will make it easier for you to understand the possible scenarios of cyber attacks:

What are my confidential files and how do I protect them? What would happen if these files came to light?
What are the financial or legal risks that a cyber attack could cause the company?

Train employees on cybersecurity issues: If the company trains and educates its employees on cybersecurity issues, the risks will be reduced.

Have a crisis manual that includes management in the case of cyber attacks: Many companies manage this manual to handle possible crisis scenarios. With the rise of cyber attacks, it is essential today to talk about cyber crisis and act before they occur.

Carry out simulations of cyber crisis: This will allow you to familiarize yourself and the employees with this type of situation and thus take an approach with organization and calmness.

Have an insurance against cyber attacks: This type of insurance has coverage against cyber risks such as malware, DDos, ransomware, etc. It is important that the company evaluates the possibility of purchasing this type of insurance.

During the cyber crisis:

You have joined the list of companies that have suffered such attacks, now is the time to know how to act.

Convene a crisis committee: This committee must be made up of people with enough authority to make decisions, such as a CEO, board of directors, etc. In addition to the legal team, communication advisors and the computer team are necessary to track the attack.

Search qualified advisors: It is important to hire people who have experience in this type of field. Both legal and communication advisors must also work hand in hand in their strategies.

Inform all your employees and stakeholders: When a crisis occurs the media will seek, in any way, to obtain a source of information. In addition, employees often disseminate information on their social networks about what happened (even if it is not true). Therefore, employees can unwittingly become spokespersons for the company.

That is why it is essential that the company personally inform its employees of what has happened, before it arrives through others, this will prevent the dissemination of unofficial information.

All the stakeholders involved with the company and especially if they were affected must be properly informed of what is happening. This includes the media, to which they must prepare a respective communication, press conference, or any mode of information considered by the communication advisors more convenient to deal with the crisis.

It is best to recognize when the problem exists and not deny it, because in the end everything can be known in one way or another.

The after and the learning

After the storm comes the calm, after the cyber crisis is over, the company must:

Report how the situation was solved: Your audience should also know how the problem was solved. The more transparent and detailed the better.

Evaluate the situation: Analyze the situation and learn from mistakes, what should be done to improve the company’s security and how to channel it.

We can all be victims of a cyber attack, the important thing is to be aware that we are vulnerable and be prepared, as best we can, to deal with its possible consequences.