A small Wyoming bank made national headlines when it filed a lawsuit against Google after an employee inadvertently sent sensitive customer data to the wrong user’s Gmail account (http://www.informationweek.com/story/showArticle.jhtml?articleID=220100410). This incident reaffirms that a company doesn’t need to be the target of a massive plot by hackers to suffer a costly and damaging data breach. In this case, simple user error resulted in the disclosure of sensitive data to unintended parties.
Obviously companies need a mechanism to exchange sensitive data with their partners and customers in order to conduct business. Ignoring the obvious problem, using email to pass data in plain-text and no authentication to speak of along with the risk of the “Fire and Forget” nature of email is what really struck me about this incident. Once the email containing sensitive data was sent, the sender had zero control or visibility into what happened afterwards.
Deploying a solution like MOVEit DMZ with Secure Messaging is a reasonable way to reduce the risk posed by sending sensitive data by email. Using MOVEit DMZ provides for end-to-end encryption of the data, integrity checking, audit logging and non-repudiation, but in this incident, the two-step approach to sending sensitive data really saves the day.
When using MOVEit DMZ and Secure Messaging to send sensitive data to an external partner or customer, rather than pushing the sensitive data all the way to the intended (or unintended) recipient, that data is pushed to the MOVEit DMZ server where it is stored encrypted and available for pickup. The intended recipient is sent temporary credentials and a link he/she can use to access the sensitive data. All access is audited, so the sender knows exactly who, if anyone, has accessed the sensitive data.
In this particular incident, had MOVEit DMZ been used to send the sensitive data to the customer, the temporary credentials sent to the unintended recipient’s email account could have been immediately recalled as soon as the mistake was noticed, before any sensitive data was accessed. Even if the mistake went unnoticed for days, the MOVEit DMZ tamper-evident audit logs would show whether the account had been used to access the sensitive data, or if the account credentials were sitting unread in someone’s inbox. If the account had been used by the unintended recipient to access the sensitive data, once again the tamper-evident audit logs would provide non-reputable evidence of the unauthorized data access, giving the company stronger means to pursue legal action to recover the data.