So Many Rules, So Little Time for Compliance
Securing Company Data with EFT
Do you think that if we had more data rules and regulations, your data would be safer? Here’s a small sample of the many regulations that are already in place, or that have evolved over time, and that are intended to make data more secure.
- The Privacy Act of 1974
- E-Government Act 2002
- EU General Data Protection Regulation (GDPR)
- Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule
- Office of Management and Budget M-07-16
- National Institute of Standards and Technology (NIST) Special Publication 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations
- The Health Information Technology for Economic and Clinical Health (HITECH)
- Federal Information Security Management Act (FISMA)
- Federal Risk and Authorization Management Program (FedRAMP)
- Gramm–Leach–Bliley Act (GLBA)
- Federal Financial Institutions Examination Council (FFIEC)
- DoD Information Assurance Certification and Accreditation Process (DIACAP)
- Sarbanes–Oxley Act (SOX)
- FIPS 140-2 (The Federal Information Processing Standard Publication 140-2)
Let's play by the rules
“Nearly 1.4 billion data records were stolen by hackers or lost during 2016 – almost double the numbers which were compromised the previous year and indicating the ever growing threat posed not only by cyberattackers but accidental data breaches by insiders.”
Rules, regulations, standards, and policies are established to protect data. While it may be difficult to create legislation that manages or corrects behavior, we can implement preventative security measures through security policies and employee training. According to the Ponemon 2016 Cost of a Data Breach Study: Global Study, “25 percent of all breaches were caused by human error.” In many cases, data breaches can be avoided with simple common sense.
To protect your customers and your organization from theft, fines, and criminal charges due to data breaches, several very simple safeguards can be put in place:
- Protect data in transit - Encrypt emails that contain personal information, use only authorized, encrypted mobile devices to store personal information, and don't forward/upload personal information to personal accounts or unauthorized websites. Additionally, don't leave devices or papers that contain personal information unattended in airports, hotel rooms, and restaurants.
- Store data securely - Encrypt files that contain personal information, and don't send usernames and passwords in the same email. Provide passwords in person or on the phone when possible. Only allow access to such data as needed. In fact, don't store the data at all if you will never need it again.
Secure Your Data at Rest and In Transit
Modern compliance regulations require that organizations follow strict industry and government data security standards in order to protect sensitive data from many security risks, including hackers, cyberthreats, and other unauthorized access to private data. To meet these strict compliance regulations, organizations need a centralized platform to monitor, track, and protect any and all sensitive and private data under their purview.
How can they ensure that their sensitive and regulated data is kept secure? One powerful, proactive, and preventative solution is Globalscape’s managed file transfer platform, Enhanced File Transfer™ (EFT™).
EFT can help you transfer data securely, automatically, and within compliance guidelines. Unlike traditional file transfer software, EFT provides enterprise-level data security for collaboration with business partners, customers, and employees, while automating the integration of back-end systems.
Built-in regulatory compliance, governance, and visibility controls help keep your data safe, while outstanding performance and scalability help boost operational efficiency and maintain business continuity. Administration is easy, yet granular enough for complete control of your file transfer system.
EFT helps you handle your patient, client, customer, and business data in compliance with the data transfer standards set by HIPAA, HITECH, SOX, PCI DSS, and other government and industry mandates.
With EFT you can:
- Protect data in transit or at rest
- Track and audit user activity and file movement
- Meet requirements for data wiping and sanitization
- Monitor and alert on potential violations of security standards
- Capture compensating controls and generate reports on compliance status