6 common data breach scenarios and how to avoid them
For most situations just use our magic link verification, a short expiry time, and ideally self destruct – below are some common security & compliance scenarios and how safedrop will help.a) honest users – you trust them, but want to make sure information is safe in transit and keep a record of the delivery.
The main risk here is usually someone intercepting their email, or grabbing data en route, or grabbing a link that has been shared. With safedrop everything is encrypted in transit. At a minimum we recommend a short expiry time for the safedrop (7 Days), and using either self destruct or magic link security. All sends will be kept in your audit trail. With our Team plans you can control how long the audit trail is kept for – from 0 days to 100 years. Using self-destruct and no magic link is very useful for these people, especially if its a one-off send.
b) honest users on unmanaged devices
Here is where you trust the users intentions, but they may be on unmanaged or shared devices with poor security. Here just turn on ‘view-only’ security and magic links. The recipients can view your files, but they cannot forward them, and the files never leave your servers.
c) untrusted users – Slippery Simon shares a link
You’re worried that slippery Simon will leak your message to Bad Bob.To protect against this you must turn on magic link security.
Current security (November 2019)1) magic link. The link has a validity period (usually 30 mins) during which it must be used.
Slippery Simon has to get a link, request a token, and then send that token and Link to
Bad Bob, Bad Bob has to click within 30 minutes to get the safedrop.
You can also use self-destruct to further improve security – then Simon cannot actually view the document if he wants Bob to get it!
2) coming soon – magic link 2 – links are locked to the requesting device.
To share the safedrop, Simon can send the link to Bob. Bad Bob then has to click the link. Then Bad Bob has to contact Simon and get the magic link – he has to do this within 30 minutes. Also see above re self destruct.here.
d) hacked Hannah – hacked email accounts
Hannah is a safedrop recipient, lets say her email has been hacked. The hacker can now reset Hannahs access to loads of internet services. She could also click any safedrop links.
By using magic link security you have some protection, as Hannah will notice she’s getting links she did not request. But for more protection you can set a password for your safedrops. We will ask Hannah for the password before she downloads. We protect against ‘brute force’ password crackers, so the password can be memorable – 8-10 character words are fine (*never use such a short password for anything without brute force protection, like a pdf file!)
Lots of our clients simply use a pre-arranged password for their clients, as well as magic links. This provides great practical security, and is easy to work with.
e) M&A Mike – Copying content.
M&A Mike wants to share your document with a ‘friend’ in a competing company.
Send Mike a view-only safedrop with magic link security. He can only view it on his device, and if does decide to photograph the screen, it’s got a watermark on it with his IP address
f) trello Tim – using collaboration tools for high sensitivity files and PII.
You’re using this great tool for collaboration (zendesk, trello etc etc) but you have compliance requirements around the data you’re sharing, and also it’s sensitive data.
Here it’s a great idea to use a safedrop for sensitive content and PII (personably identifiable content). You can even post a permanent safedrop link and update the content regularly.
Here you may choose to not user magic links (as everyone with access to the link is already authenticated) or use a domain wide magic link (coming soon!)
Make sure that there’s an expiry time set for the safedrops.
Example – you have an ongoing whatsapp chat for a sensitive case, post the attachments using safedrop links. That way the files aren’t copied all over the place, if you use view-only security you can revoke all the safedrops when you’re done talking. Totally Leak proof!