"Secure with multi-factor authentication" or "Be compliant with the GDPR": data security comes with many technical terms. What makes sense to an IT specialist may be less clear to someone else. That is why we have created an A-Z blog series in which we explain technical terms to help you prevent data leaks in the (near) future.
Data Security Glossary
General Data Protection Regulation (GDPR)
The GDPR is European privacy legislation that sets rules for the processing of personal data and entered into force on May 25, 2018. Under these regulations, people have stronger rights over their personal data, which means that organizations must take those rights into account when, for example, storing and forwarding personal data.
To comply with the GDPR, you as an organization must take various measures. It is important to use a solution that fully complies with the GDPR.
Data breach
A data breach occurs when confidential data accidentally or intentionally reaches unauthorized people. Since the introduction of the GDPR, more than 400,000 data leaks have been reported across Europe. Human error is the main cause of data leaks, in 74% of the cases. Do you always have to report this? Only if sensitive information has been shared with unauthorized people, and there is a chance that they will actually be able to view the information.
You can easily prevent data leaks if you have the right functionality for securely sharing personal data. With the option to track and block an email, you can see if someone has read your email and/or downloaded a file. For example, you can recall emails already sent to prevent a possible data leak.
Data Loss Prevention (DLP)
DLP helps you understand when sensitive information leaves your organization. This protects personal data and intellectual property and ensures data visibility. Because you are monitoring your sensitive data, you can detect vulnerabilities and prevent a data leak.
In our system we have incorporated Data Loss Prevention in three layers. This way you can keep track of what is sent to whom and when. With this monitoring you are one step ahead of cybercriminals.
Multi-factor authentication (MFA)
With this form of authentication, the recipient must identify themselves in two ways before access to the email is granted. Due to the multiple verifications, the email is inaccessible to third parties. The use of various factors ensures a more secure system that is less vulnerable to cyberattacks or third-party access.
Because of additional security measures, the authorized recipient is the only one who can view the email. This enables secure communication within your organization.
NTA 7516
This is a Dutch standard that concerns the secure communication of health information by email or chat applications. The standard applies to healthcare organizations and municipalities and consists of principles that must be met to exchange health data by email or chat. Not only can you share patient data securely; as an organization, you also meet this strict Dutch standard.
Smartlockr is one of the few suppliers that is NTA 7516 compliant and that has been closely involved in the development of the standard.
Phishing
Phishing is a form of internet fraud in which the victim is sent to a fake website via a link in an email. The goal is to obtain personal data or login details via this website, which can lead to identity fraud.
Phishing can be prevented by drawing attention to the subject and describing solutions. In our blogs we share options such as Awareness Training, so that everyone can recognize phishing emails; we give the option to verify senders; and we tell everyone never to just open any link.
SMTP Relay Service
With the SMTP Relay Service, emails get the right security. The Relay Service assesses the email's content. The email is then either forwarded as a regular email or given extra security.
The Smartlockr SMTP Relay Service will view an email message and will determine what needs to be done based on preset settings. This allows emails to be properly sent and delivered securely to the recipient. This enables secure mailing on any device from any location.
Single Sign-On (SSO)
This method allows you to access multiple websites and applications using one credential set: your username and password. By logging in once, you are authorized in these environments. This saves time and effort and is a safe solution.
Besides safety, we also find user-friendliness very important. With SSO, no separate email accounts need to be created and the user is not hindered during mailing. This makes emailing faster, easier, and safer. In addition, if desired by the organization, the administrator can set the period for which SSO applies. This means that the user logs in regularly, after which SSO will apply for the set period.
Zero knowledge end-to-end encryption
With end-to-end encryption you send messages in a safe, encrypted way. The sender encrypts sensitive information, so only the authorized recipient can view the message. If the message is intercepted, it will therefore not be readable. By adding zero-knowledge, the data is not accessible, even when it is at rest.
Once the data is encrypted, no one can access it except the sender and authorized recipient(s). We cannot view the data either. We just add an extra layer of security without accessing the message. The content is only visible to the authorized people.