Protecting confidentiality is worth your effort

Published Date: 21 January 2020

Nearly all the major security incidents reported in the media today concern privacy violations. 2019 was most likely the worst year on record for data breaches: over 5 thousand publicly disclosed leaks had exposed over 7.9 billion confidential records by the end of September[1]. Email addresses and passwords are consistently the most frequently compromised confidential data, followed by social security numbers, banking details and IP addresses. And 2020 can only turn out even worse if the right actions are not taken.

 

But first things first, what exactly is meant by data confidentiality?

It’s about protecting personal information against unauthorized access, disclosure, or theft. If sensitive data falls into unintended hands, a failure to preserve confidentiality has occurred; such a failure, commonly known as a “data breach”, usually cannot be remedied. Once the secret has been revealed, there’s no way to un-reveal it, and this can cause huge financial losses and affect an organization’s reputation for years. In a time when nothing is more valuable than personal data, privacy breaches are probably the most serious and dangerous of security issues.

 

Let’s avoid misconceptions

The terms privacy and confidentiality are often used interchangeably despite their different meanings. While everything confidential is also private, the reverse is not true. So, what’s the difference? Privacy is about individuals; confidentiality is about data. Privacy means freedom from public intrusion into one’s personal matters; it is no coincidence that it’s a universally recognized human right. Confidentiality, on the other hand, is about keeping information secret from everyone except those entitled to it.

 

How encryption saves the day

With this in mind, it’s clear that protecting confidentiality is, in large part, about controlling who has access to data. Granting access only to those who “need to know” goes a long way in limiting pointless exposure. The same goal can be pursued by avoiding reliance on paper documents, which can be more easily misused or stolen. Last but not least, a safe disposal and deletion policy is vital to lawfully handle data that is no longer needed.

That said, the safest method of obtaining confidentiality is undoubtedly encryption, the technique that converts readable text into unreadable form using algorithms and keys. Encrypting sensitive files prevents personal information from being disclosed to anyone except the specified, trusted persons who hold the relevant passwords or keys.

 

Those who choose us need to be able to entrust Penneo with sensitive data and rely on our digital solution for managing their business transactions. It is also thanks to how we protect confidentiality that Penneo has built and developed its customers’ trust.

How do we do that?

  • The strongest achievable level of encryption: have you ever heard of AES 256? NIST (the National Institute of Standards and Technology) developed this Advanced Encryption Standard while working on a cryptographic algorithm capable of protecting sensitive U.S. Federal Government information. So, it’s not surprising that it is today used worldwide as the industry standard for data security.
  • Logical security and isolation: every user, program or process has access only to the information necessary for its legitimate purpose; the so-called principle of least privilege takes shape in the logical isolation of the company’s segments (production, development, C.S. and other corporate departments) and in our employee access policy.
  • Access management: access is provided on work-based needs and using a role-based model, while multi-factor authentication is required to perform more relevant operations. Personal data is only accessible if access is explicitly granted by the data owner; it’s never shared with a third party and never used outside the production environment for internal purposes.

 

Now it’s up to you. What can you do to enhance the confidentiality of your data and documents?

Digital signatures play a decisive role in securing classified data. The transition from analogue to digital appears once again essential. With Penneo, you can safely send cases out without worrying about the private information in your documents. We strongly recommend using the strictest security settings and making use of our built-in system functionality, a.k.a. the end-to-end encryption feature of our software. Even the strongest cryptographic systems are vulnerable if a hacker gains access to the key itself; therefore, hard-to-guess passwords, multi-factor authentication and antivirus software are critical to the larger security picture. Properly trained users are the first key in our layered security.

Businesses and people must do better when it comes to data protection. Pay attention to the data you’re giving away and act wisely and responsibly. Your privacy is precious and worth caring about.

 

[1] Risk Based Security “Data Breach QuickView Report 2019 Q3 Trends” (https://pages.riskbasedsecurity.com/data-breach-quickview-report-2019-q3-trends)