braxton — 2013-03-13T23:19:49-04:00 — #1
I believe that emailing sensitive documents is not a good idea. Is that true? Or, as long as someone's email is secure in that no one else knows the password, is it ok to send sensitive documents?
If not, does anyone recommend a service where I can send a file securely? Then the person on the other end needs a password to get the file.
ralphm — 2013-03-14T01:34:05-04:00 — #2
You could use something like DropBox.
braxton — 2013-03-15T01:55:25-04:00 — #3
I actually didn't realize that Adobe Acrobat can password protect files. I think I'm going to try that feature for now.
ralphm — 2013-03-15T02:19:20-04:00 — #4
Yep, although those passwords are extremely easy to bypass, so don't rely on them too much.
felgall — 2013-03-28T02:17:03-04:00 — #5
If both you and the recipient have email security certificates then you can use them to encrypt an email so that no one except the intended recipient can read it.
prekko — 2013-06-14T03:59:58-04:00 — #6
I use filejam secure file upload, it's really safetly file transfer methood.
dklynn — 2013-06-15T07:51:22-04:00 — #7
TechRepublic had a Michael Kassner article online April 15th (2013) entitled "DropSmack: Using Dropbox to steal files and deliver malware." The point was that Dropbox was not safe as files could be compromised.
A follow-on article by the same author on April 29th, "BoxCryptor vs. Dropsmack: The battle to secure Dropbox" stated that Dropbox files CAN be encrypted before loading (and getting Dropbox's security) to protect the files.
PM me if you want PDFs of those articles - they were worth saving!
The pair of articles provided a valuable reminder that the "soft encryption" of common programs are not sufficient to protect valuable information.
For nearly 20 years, PGP (Pretty Good Privacy) was the defacto encryption program for the general population. NSA tried to crack it and then attempted to have it made illegal but only succeeded in making it available within the US - not for export - so an international version (identical functionality) was made available, too. PGP was sold to a security firm which took the product commercial circa 2000 so it's lost a lot of its following ... but it remains an excellent encryption program.
Finally, Security is the proverbial three edged sword as there must be a tradeoff between cost, convenience and the level of protection to be given the data to be protected. If you want military grade encryption, it'll cost big time!
Back to the original question, e-mail can easily be captured so it is not safe. Dropbox has been shown not to be safe without pre-encryption. PGP has been around for ages and is still quite strong (but inconvenient) so other programs like BoxCryptor and TrueCrypt are finding a niche which you can use them to protect your files.
Finally, you are spot on that Acrobat passwords are trivial to break. There are programs out there which even allow "script kiddies" to do it, too. As for edit/print protection passwords, they are bypassed by simply saving to another format.
ralphm — 2013-06-15T09:27:46-04:00 — #8
Thanks DK. Yeah, nothing's safe, really. Luckily, I have nothing of value. (My life's worthless. )
dklynn — 2013-06-15T19:14:57-04:00 — #9
Yeah, me too! Join the club!
system — 2013-06-17T08:10:03-04:00 — #10
You must check SkyDrive for secure file transfer, here you can give proper file access permission for specific users.
danbcheney — 2013-08-27T15:05:00-04:00 — #11
While cloud file sharing services are not as secure as PGP encrypted files send via email or FTP, it is much easier to use. That's why it's more popular. For most end users, getting a file encrypted has been confusing and then asking your recipient to figure out how to unencrypt it is worst. I understand why so many files are sent as email attachments. It's easy. People just want to get their files moved without thinking too hard about how unsecure it can be. It's a dilemma that really makes small IT shops struggle to keep data secure, as various employees take the easy way.
Then, I just found a free PGP encryption tool (there are several) that actually makes encryption easy. Linoma Software released it's free OpenPGP Studio that can be downloaded for free. I tested it and found it to be refreshingly easy to use. Granted, the end users still need to understand concepts such as encryption keys and still needs to have the recipient know what to do with those keys to unencrypt the file but OpenPGP Studio just made the process so much easier.