Blogs

Four easy ways to address data privacy risks today

Today’s work environment is complex. There is content in apps, communication channels, devices, and different file storage locations. Content is downloaded, uploaded, attached. Employees often go through the motions without realizing they are putting important data at risk. Every year, Data Privacy Day gives us a chance to step back, evaluate how we keep information secure and where we can improve. Here are the top areas to focus on today to address data safety among employees.

Stop sending email attachments.

Over 80% of consumers decide who to do business with based on a company’s reputation for data security, but 53% of Small Business Owners reported having no regular employee training on information security procedures or policies. As a business, it is your responsibility to ensure all personal information and data is secure and adequately protected from breaches.

Attaching sensitive data directly to an email creates a security risk, from the most basic action of forwarding the email to those who shouldn’t receive it to the more serious risk of attachments infected with malware. Yet sharing files outside of your organization is increasingly challenging as different companies use different systems. Employees resort to using a tool IT has not approved just to complete their work on time. This can leave sensitive company and client data exposed to the internet.

One way to protect client data is to use secure links to share information. With Citrix Files plug-in for Microsoft Outlook or Gmail, attachments are automatically converted into a link, with one click. The image below shows the Citrix plug-in directly within an email:

Restrictions can be set for downloading or copying information from the file. When selecting your file, you can set view permissions for the link such as how many times it is viewed, if it can be downloaded, or if the viewer needs to sign-in to see the contents.

Securely sharing or receiving files from clients is just as important as how your employees share files with each other. Citrix ShareFile also supports client users - if Admins enable this capability, employees will be able to add recipients outside your company as users. This process provides an extra layer of document security.  Watch this video (45:39) to see the full settings available when securely sharing content with clients.

Additionally, Citrix ShareFile allows you to provide a highly-secure portal to upload files for any person you select, simply and intuitively. You create a URL to send to the client, who can then drop files into the web page. It is in turn saved back to the folder you specify. The entire process is seamless within your workflow, as seen in the image below.

Or, you can generate an email from the Citrix ShareFile portal to streamline your workflow. The image below shows the email received with instructions to upload content securely.

Securely collaborate with clients

Office suites and team collaboration tools are optimized for internal use between co-workers, not for B2B or B2C collaboration. Your employees need a secure way to exchange information with external customers and partners without stepping outside security best practices. Other solutions, , depending on the settings your admin has selected, may only allow internal employees to view and edit documents, frustrating secure collaboration.

How can you collect feedback on a document or collect information from clients without a flurry of emails, attachments, or manual tracking of changes? And all while keeping in mind that information shared via email is also subject to governmental regulation? With Citrix ShareFile’s integrated feedback and approval workflows employees can collect information in a secured portal from only the intended recipients.

Feedback is consolidated in a single location, reducing version tracking and clogged inboxes. You can also set automated reminders to complete feedback or if a recipient is tagged in a comment.

Support compliance with external regulations.

Many industries and most governments have regulations around data privacy. Your employees may have seen acronyms such as HIPAA, GDPR, PCI, CCPA/CPRA without understanding all the legal intricacies. A common theme amongst these regulations is the collection, distribution, and storage of any data that contains identifiable content for an individual, customer, or client. This is also known as Personal Identifiable Information or PII.
A common misconception about data privacy regulation is that it applies only to the entity initiating the collection of data. This is not accurate - HIPAA, for example, may apply to third parties that perform certain functions or activities requiring the disclosure of personal health information (PHI) such as medical claims processing. If your organization is subject to HIPAA, your employees will need a solution that supports HIPAA requirements for sharing information.
Citrix offers many cloud-based services that can support HIPAA requirements, including ShareFile, RightSignature, and Microapps. These solutions enable healthcare and life science customers to access, share, and electronically sign documents containing ePHI in confidence. Citrix also maintains SOC 2 compliance for several cloud-based services, including ShareFile, and continues to expand year after year.

Make sure the “great resignation” is not impacting your data

When employees leave a company, there are residual data access concerns. Did the employee download your entire customer contact list before they left? How would you know? With 40% of workers predicted to resign this year, data exfiltration is a top risk – 45% of employees said they've taken data before leaving or after being dismissed from a job. [source]

Understanding who is accessing your data and files, as well as limiting access to those who need it, is key to preventing data exfiltration. Individual end users can control view permissions, such as requiring the recipient to log in to view the file, preventing downloads, or setting an expiration date to the viewing rights.

Citrix ShareFile includes dashboards to review who is accessing information, especially useful for compliance requirements. Admins can create reports such as reviewing usage of all files.

Within the dashboard area, Admins can inspect any files that were quarantined due to suspected malware exposure. ShareFile includes built-in malware threat detection to prevent the further spreading of harmful content. Read this article to learn more about threat detection features.

ShareFile also integrates with Citrix Analytics for Security. This add-on feature alleviates manual monitoring with automatic reports that spot abnormal behavior. The image below shows an example of an alert for excessive access to sensitive data.

Data retention and compliance are challenging because information stored in unstructured files can be difficult to organize for retention and compliance purposes. This is time consuming and low value-added work. ShareFile supports integration with third party Data Loss Prevention (DLP) products. This is ideal for businesses, especially those in highly regulated industries, that need to be able to control file sharing based on the content inside the files themselves.

What else can you do today?

Existing Citrix ShareFile customers can train and educate your users. Share this article with fellow employees for immediate actions they can take today using ShareFile to secure data.

If you are new to Citrix, try ShareFile for free to see how our flexible solution can address your data privacy needs. Click here for a free trial.

Signup for ShareFile Now.