WinZip Enterprise Blog

Protecting the world's most sensitive data for over 30 years.

Blog Home > WinZip Blog

WinZip Blog

How to protect your company’s databases and other organizational data

A company’s database and data repositories contain its most valuable asset: information. This information, if compromised, could negatively impact an organization’s assets, finances, and reputation.

Data protection is the means of securing your digital information to prevent or reduce the risk of information loss, compromise, or corruption. The right tools, controls, and processes help protect enterprise databases and other critical data assets from unauthorized access and cyberattacks.

Protecting enterprise databases and other organizational data is important not just for cybersecurity, but also to ensure business continuity and maintain a competitive market advantage.

In this article, we’ll look at how companies benefit from data protection, the consequences of inadequate data protection measures, and the various ways you can protect organizational data and company databases.

The importance of protecting company data

Enterprise-level organizations collect, store, and manage large amounts of data. Some of this data is structured, which means it is organized and easily accessed by users.

However, 80% of all enterprise data is unstructured, which cannot be analyzed or processed using structured data procedures. From documents to images, videos, and audio streams, your company’s unstructured data also contains sensitive, business-critical information, including (but not limited to):

  • Intellectual property.
  • Financial records.
  • Cardholder data.
  • Third-party contracts.

While databases can be controlled with access privileges and managed by IT admins, unstructured data has fewer controls available to ensure its security.

Unstructured data is user-generated content that may be stored on-premises, in cloud-based storage systems, or in cloud-based applications. As such, controlling access and management of unstructured data falls on internal users.

If your employees are not well-educated on the risks associated with sharing and managing data, they are more likely to operate outside of your company’s security standards. This can lead to what is known as shadow IT, where employees use devices and/or technology for work purposes without their IT team’s knowledge or approval.

Whenever a user accesses a shadow IT application, your data is stored in an unknown and unauthorized location. These unapproved solutions are more common than you might think—80% of employees admit to using applications without IT approval.

This lack of awareness regarding data protection contributes to human error, which is a top threat to your company’s information security. Cybersecurity incidents are pervasive, with cybercriminals always looking for new access points and attack vectors.

Negligence, lack of cybersecurity awareness, and poor access control are key problems associated with human error. Fixing human error issues starts by understanding your security risks, developing appropriate security controls, and mitigating cybersecurity risks.

Having a comprehensive business data protection strategy in place can help your organization minimize or avoid system vulnerabilities. Effective protection strategies are data-centric, going beyond regulatory requirements to also consider and plan for real-time security threats.

The cost of inadequate data protection

In 2021, there was a sharp increase in data breaches and ransomware attacks, compromising sensitive information of millions of victims. By October 2021, the number of data breaches for the year had already sailed past the total for 2020.

Ransomware also experienced record-setting attack volumes, with a reported 304.7 million attempted hacks in the first half of 2021. The entirety of 2020, by comparison, saw a total of 304.6 million ransomware attempts.

Once an organization experiences one ransomware attack, the next may be right behind it. Reports find that 80% of companies that previously paid ransomware demands were exposed in a second attack.

Direct and indirect costs

When databases and data are not properly protected, there are direct and indirect costs that can impact your company’s bottom line.

  • Direct costs are those associated with handling cybersecurity events, such as:
    • Fines.
    • Investigation costs.
    • Reimbursement to affected parties.
  • Indirect costs are connected to resources spent to recover from the data breach. For example, operational downtime leads to financial loss.

Downtime that impacts IT networks averages $5,600 per minute, and 33% of surveyed enterprise organizations indicated that an hour of IT downtime would cost them $1–5 million.

Reputational damage is another indirect cost of inadequate data protection. When you lose customer loyalty and trust, you also face the risk of losing potential customers as people share their experiences.

Insider risk is a prime vulnerability for every organization. A 2021 survey found that 94% of companies were subjected to an insider data breach in the last year. Most of these incidents were caused by human error.

While human error is not malicious, it is costly—data breaches caused by human error average a cost of $3.33 million per incident. In the US, a data breach cost the affected organization an average of $4.24 million in 2021. This amount is 10% more than the average cost in 2019.

Industry-specific data protection considerations

Organizations that operate in heavily regulated industries will pay more in non-compliance fines. For example, healthcare data breaches are significantly more expensive than other data breaches due to the industry’s stringent data privacy policies.

In the US, the Health Insurance Portability and Accountability Act (HIPAA) regulates the use of and access to Electronic Protected Health Information (ePHI). Its rules and regulations are based on three primary components:

  • Security Rule. This rule is specific to ePHI and identifies the administrative, physical, and technical safeguards needed to protect the confidentiality, availability, and integrity of ePHI.

In 2020, the Premera Blue Cross health plan received a $6.85 million HIPAA penalty due to a data breach that exposed 10.4 million individuals’ ePHI. This penalty was in addition to a $10 million settlement to resolve a multi-state lawsuit and a separate $74 million settlement stemming from a consolidated class action lawsuit against the health insurer.

Any breach that includes customers’ Personally Identifiable Information (PII) will be more expensive than other data sets. The average cost per record for all data types in 2021 was $161, compared to $180 per records containing PII.

In addition to increasing the cost of the breach itself, compromised PII can lead to costly lawsuits. For example, Morgan Stanley faced a class-action lawsuit stemming from data exposure that impacted around 15 million individuals.

The banking and financial services company agreed to a $60 million settlement in 2022. This settlement amount is in addition to the $60 million fine imposed by the Office of the Comptroller of the Currency (OCC) for its data protection failures.

The benefits of a comprehensive company database protection Plan

A comprehensive data protection strategy establishes controls and policies related to an organization’s personnel, processes, and technologies. This is a multistep process that safeguards the integrity, availability, and confidentiality of organizational data.

Database protection plans are based on three primary goals:

  • Data security. The controls, policies, and procedures that protect data from malicious or accidental damage.
  • Data availability. The process of making data available through redundancy and backups to ensure quick restoration following damage or loss.
  • Access control. The means of restricting access to data to only those who need it.

Some of the most important elements of a database protection plan include:

1. Customize access controls

An access control system restricts access to data and/or resources based on the required task. This helps prevent unauthorized access and ensures that people have the access necessary to perform their jobs.

Access requirements should follow the principle of least privilege (POLP), which grants access rights based on what is necessary for the users’ job functions. It is also important to conduct regular reviews of your access controls to identify and correct unnecessary permissions.

2. Secure endpoints

The endpoints that connect to a corporate network are especially vulnerable to cyberattacks and breaches. From laptops to smartphones, workstations, servers, and other network access paths, endpoint security ensures that organizational data cannot be lost or stolen.

Endpoint protection starts by identifying all devices that connect to your network resources. Then, the devices should be secured using antivirus software, data encryption, firewalls, and application and access controls.

3. Educate users on security protocols

When employees do not have enough information about how their actions (or inactions) impact cybersecurity, it increases the risk of human error. From reusing passwords to not keeping applications up to date, there are several ways in which your employees can inadvertently set the stage for malicious cyber activity.

Educate employees on best practices to protect organizational data and databases, which include:

  • Identify and report suspicious activity, such as emails with attachments from unknown sources.

4. Encrypt your files

File-level encryption restricts access to authorized users and can only be decrypted with the right password or encryption key. If the data cannot be read, malicious actors cannot decipher what they’ve stolen.

Encryption can protect organizational data in several ways:

  • Removable storage media. Encrypting data stored on a thumb drive, memory stick, or other portable device prevents unauthorized access if the device is stolen or lost.
  • File transfers. Unsecured and wireless networks can expose sensitive data to bad actors. Encrypted files will be protected even as they move between various users, devices, and networks.
  • Backups. Backups make it possible to restore data that has been lost, damaged, or stolen. Encrypting backup data adds an additional layer of protection and ensures that only authorized users can access the files.

A solution like WinZip® Enterprise offers a fully customizable set of enterprise-grade tools to secure, manage, and protect enterprise databases and organizational data. It features military-grade encryption for secure file sharing and collaboration with end-to-end data protection.

With WinZip Enterprise, IT administrators have complete control over the data environment, making it easy to implement and enforce policies related to file security, sharing, and backups.

Discover how WinZip Enterprise can help protect your company’s database.

How to open a zip file on an iPhone

It can be difficult to comprehend the amount of digital data we generate via social media platforms, online marketplaces, medical facilities, and through government, education, and financial institutions.

At the start of 2020, the number of digital bytes worldwide was 40 times the number of stars in our observable universe. The World Economic Forum estimated the amount of global digital data to be 44 zettabytes. A zettabyte is one sextillion bytes––1,000 bytes to the seventh power––and has 21 zeros.

With so much data being generated and shared, institutions and individual users rely upon zip files and file compression to securely and quickly share information.

In this article, we discuss the value of file compression, its uses for businesses and employees, and how to open zip files on mobile iOS devices.

What is a zip file?

Imagine you would like to send multiple files (e.g., Microsoft Word documents or photos) to someone via email. One option is to attach each file individually, but this can easily become cumbersome and inefficient.

To make file sharing easier, you can create a zip file, which is a way of grouping (also called “archiving”) multiple digital files. Once zipped, these files act like one file. In the example above, you would need to attach and send one file, which the receiver would open to view the entire zip file’s contents.

Zip files are just one of many ways to archive files (other examples include ARC, ARJ, RAR, and CAB), but they are not the most common. They archive encoded information that is unusable by other applications until it is extracted from the file and decompressed. Zip files are not limited to a single type of data. They may include images, audio, video, and more.

How do zip files work?

Zip files are created through the process of file compression. A compressed file contains one or more files that have been reduced in size, which makes them easier to transfer or store. Once received, compressed files can be decompressed back to their original state without degradation in quality.

Zip files specifically work through lossless compression, which removes redundancies (the same data pieces that are stored in multiple places within the storage environment).

For example, uncompressed data may look like this: AAABBBBBCC.

While lossless file compression may look like this: A3B5C2.

The new, compressed code—A3B5C2—holds the same information as the original code. However, by using numbers to signify the number of times the data repeats, the second code takes up less space.

Files in a zip archive are compressed individually, so you can extract or add new data without compressing/decompressing the entire archive. When you decompress the file, it goes back to its original form.

Why do businesses use zip files?

Zip files help businesses organize, share, and store data quickly and efficiently. Some of the many ways zip files are used include:

  • To free up space on a device. Zipping large files can save 80% or more of available storage space. For example, images saved on your computer may take up a lot of space; compressing them into zip files will free up space but enable them to remain readily available.
  • To transfer data. Sending large files or several documents can be cumbersome and time-consuming. (If you have ever waited for a file to download, you understand this first-hand!) Compressing data into a zip file increases transfer speed and gives the recipient a single, organized folder that contains everything they need.
  • To save time. Zipping content saves storage space on the server, decreases the time it takes to transfer/download, and organizes all files in a single zip file for better file management.
  • To store more data. Businesses store and process an enormous amount of information every day. Because zipped files are smaller, you can store and share more data on a server, in an email, or on portable storage media.
  • To organize data. A survey by SmartFile of more than 421 IT administrators within the US concluded that businesses lose an average of $17,000 in productivity costs annually due to poor file management. Since zip file names end with “.zip,” users easily identify zip extensions to quickly locate files and differentiate them from files of other origins (such as PDF or .jpg).

Why would employees need to open zip files on an iPhone?

Gartner predicts that 31% of the global workforce will be remote in 2022 and 53% of the US workforce will be a hybrid of remote and on-site work.

The increasing popularity of remote work shifts how IT resources are used. Zipping files makes it easier for off-site personnel to access content quickly and securely without worrying about slow transfers, prolonged downloads, or storage limitations.

Basic zip file features are built into the operating systems for Windows or macOS computers, which means that if you use one of these types of computers, you do not need additional software to create and open zip files.

Workers operated on an average of three devices in 2019 and will use an average of four by 2024. As the number of devices used by employees continues to increase, the need for employees to access important zipped documents, images, and other media types directly on their smartphones will also rise.

This means that the use of the 1 billion active iPhones around the world will likely increase as well. Apple controls all aspects of its technological ecosystem including hardware, firmware, and software. It’s thus no surprise that, when iOS users around the world are broken down by industry, 22% are in computer software and 14% are in information technology and services.

However, iPhone use extends beyond these verticals, as workers in all types of industries may need to complete work-related tasks on an iPhone while on the go.

Hypothetical scenarios for iPhone use in the workplace include:

  • A nurse needs to quickly review patient information (e.g., test results or image diagnostics), and doesn’t want to spend valuable time finding a dedicated computer workstation.
  • A truck delivery driver needs to access zipped files that contain details about his next few routes.
  • An employee who is on the way to the airport needs to view an email that includes attached zip files.

When running iOS 13 or later, employees can copy and back up file contents to USB flash drives and SD cards. This feature enables easier file sharing between devices that historically did not communicate directly. Previously, users typically relied upon a third device, such as a laptop or desktop computer, to receive files from one device and send them to another.

How to open zip files on an iPhone

The process for opening a zip file will differ depending on if the zip file is from your email inbox or from another source on the internet, such as a company’s cloud storage.

To open a zip file from your email app on your iOS device, complete the following steps:

  1. Open your device’s mail application. This could be the standard iOS Mail app or a third-party application such as Gmail’s Mail app.
  2. Open the email that contains the zip file you wish to open.
  3. Tap on the file. In the menu that appears, tap the Share icon (the square with an arrow).
  4. In the menu that appears, tap “Save to Files.”
  5. Open the Files app.
  6. Locate the file you wish to open.
  7. Tap the zip file. Your device will automatically begin unzipping it.
  8. A new screen will appear with the name of the zip file. From this screen, you can preview the files before deciding which to open or download, or you can download the files.
    • To preview the zip files, scroll through the files by swiping left.
    • To download any file, tap the word “Download.”

To open a zip file from the internet, complete the following steps:

  1. Locate the zip file you wish to download. This will vary depending on your company; in many cases, it will be located within your company’s cloud storage account.
  2. Download the file to your iPhone. Note that download options will also vary depending on where the file is located.
  3. On your device, open the Files app.
  4. Locate the file you wish to open in the “Downloads” section of the app.
  5. Tap the zip file. Your device will automatically begin unzipping it.
  6. A new screen will appear with the name of the zip file. From this screen, you can preview the files before deciding which to open or download, or you can download the files.
    • To preview the zip files, scroll through the files by swiping left.
    • To download any file, tap the word “Download.”

The steps for opening zip files on an iPhone differ depending on which iOS system your phone uses. If your iPhone runs on iOS 13 or later, you will not need a third-party app to open zip files. Prior to this version, the Files app of iOS devices could only unzip files or uncompress zip archives.

Use WinZip Enterprise for secure file sharing

WinZip® Enterprise is a comprehensive solution that provides enterprise-grade features to enable organizations to secure and manage files (including zipped ones), enforce access control and protocols, and equip their teams to work collaboratively yet safely.

WinZip Enterprise provides businesses with the following key benefits:

  • Enterprise-level compliance. This solution adheres to Windows Information Protection (WIP), which is a series of policies designed to protect data at rest on endpoint devices, as well as in transit. It’s also Federal Information Processing Standards (FIPS) 140-2 compliant.
  • Advanced encryption. WinZip Enterprise offers FIPS 192 certified encryption, which is the Advanced Encryption Standard (AES) that requires FIPS-approved encryption to protect electronic data.
  • Secure file sharing and collaboration. Password protection, read-write privileges, and other custom controls for individuals and groups ensure access privileges for the right people.
  • Complete IT control. Through its centralized console, WinZip Enterprise places custom control in the hands of IT administrators who can immediately set (and revoke) permissions and access controls.

Discover how WinZip Enterprise provides a simple, secure solution for zipping sensitive files.

How to encrypt an Excel file

Originally launched in 1985, Microsoft Excel has long been an essential software and management tool for 99.99% of businesses, with versions available for Windows, MacOS, Android, and iOS.

This nearly ubiquitous spreadsheet software offers features such as calculations, graphing, and data sorting. Excel is commonly used for all sorts of organizational tasks such as budgeting, planning, data reporting and analysis, and more.

But how safe is Excel for transferring sensitive data?

In 2020, Microsoft’s Security Intelligence team announced it had detected a phishing campaign that specifically targeted Excel. The campaign was based around an email that appeared to come from a medical center. The email was related to the COVID-19 pandemic and came with an Excel attachment. If downloaded and opened, the Excel file displayed a graph of COVID-19 cases in the US and a security warning.

If users bypassed the warning and allowed the file to run, the device would download and run NetSupport Manager, which is a remote access tool often used by hackers to control external devices, such as a victim’s computer.

Microsoft admitted that this campaign was just one of hundreds that targeted Excel. But Microsoft was not the only target: by September of 2021, data breaches across industries and software programs had surpassed breaches from the year prior by 17%.

Unauthorized access is responsible for 20% of breaches, making compromised credentials stand out as a leading cause of data breaches. Remote working and subsequent digital transformations (e.g., moving to face-to-face meetings to teleconferencing technology) due to the COVID-19 pandemic increased the average cost of a data breach by 10%.

Encryption can be key to mitigating unauthorized access to cloud-based storage systems, email accounts, computers, laptops, tablets, and portable storage devices.

This encryption should extend to Microsoft Excel files. Since Microsoft Excel spreadsheets often contain numerical inputs, its files may contain sensitive information, such as financial data. It is therefore vital to encrypt Excel files to protect the data within.

This article explains how encryption works, why enterprise-level companies need to encrypt Excel files, and provides step-by-step instructions on how to encrypt Excel files using a security solution like WinZip® Enterprise.

How does encryption work?

Encryption keeps sensitive information safe from unauthorized access. The encryption process takes data and transforms it into another form or code that can only be accessed with a decryption key or password. Unencrypted data is known as plain text; encrypted data is called ciphertext.

Encoding (and decoding) data is accomplished using encryption algorithms (also known as ciphers). Part of the algorithm is an encryption key. An encryption key is a variable value which creates the cipher’s unique output. As the name suggests, it is the key to unlocking the encrypted text.

Why enterprise-level companies need to encrypt Excel files

Unfortunately, Microsoft Excel files are common targets for malware––especially when these files are sent via email. Verizon reports that 46% of malware attacks that happened to organizations in 2020 originated from an email.

Microsoft products are particularly susceptible to macro viruses, which are viruses that use the same macro language as software programs such as Microsoft Word or Microsoft Excel. Since the virus is written using the same language as these software programs, it can corrupt documents––and your device’s software.

Unauthorized access to files and data can be detrimental to both the companies and their clientele. Potential consequences of unauthorized access include the following:

  • The manipulation or destruction of sensitive data. Unauthorized access by nefarious third parties can lead to tampering with Excel files containing important information. If these files are not backed up on other devices, this data can be irretrievable.
  • Negative impact on a company’s reputation. A Forbes study reports that 46% of businesses experience damage to their reputation and brand value because of a data breach. An additional 19% of organizations suffer reputation and brand damage caused by either a third-party security breach or an IT system’s failure.
  • Loss of revenue. While a data breach can harm an enterprise’s reputation and deter potential customers, it may also affect the organization’s current customer base. PricewaterhouseCoopers (PwC) reports that 87% of consumers are willing to cut ties with a business when data breaches take place.
  • Regulatory ramifications. Businesses must adhere to specific regulatory standards for data privacy. These standards will vary by industry. Merchants, vendors, and financial institutions, for example, must follow the Payment Card Industry Data Security Standard (PCI DSS) for transactions.

    Healthcare entities must abide by the 1996 Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, which requires protection of protected health information (PHI) in electronic health and medical records.

  • Legal ramifications. Compromised data brings into question whether companies have taken all possible measures to secure client or customer data as per federal law. Therefore, in the event of a breach, class action lawsuits are not uncommon. Equifax’s 2017 data breach, for example, cost the company $700 million in payouts to affected US customers.

Encrypted files are password-protected, which ensures that only authorized individuals can open, read, or edit the files. Since encrypting Excel files allows users to control who can access and edit sheets and workbooks, encryption helps to maintain data integrity and avoid the repercussions of data breaches.

How to encrypt an Excel file using WinZip Enterprise

WinZip Enterprise is a file encryption and security solution designed for large companies that handle vast amounts of sensitive data, such as government and military agencies, healthcare companies, and financial institutions.

To encrypt an Excel file using WinZip Enterprise, complete the following steps:

  1. Open WinZip Enterprise.
  2. In the Actions pane, click on Encrypt.
  3. Drag and drop your Excel file to the center NewZip.zip pane.
  4. In the dialog box that appears, enter your password.
  5. Click OK.
  6. Click the Options tab in the Actions pane and choose Encryption Settings.
  7. Set your desired level of encryption.
  8. Click Save.

Benefits of using WinZip Enterprise for file encryption

As mentioned, the process of encrypting and decrypting data is called cryptography and the formulas used to code and decode encryptions are called encryption algorithms. Although numerous encryption algorithms have been developed and used over time, Advanced Encryption Standard (AES) is one of the most popular today.

The Advanced Encryption Standard (AES) is the encryption algorithm used by most governments, financial institutions, and enterprises that require high levels of data security, such as insurance and healthcare companies.

The AES algorithm works by separating data into small blocks (called “bits”) and then applying mathematical codes to these bits. Bits typically come in sizes of 128, 192, or 256 and are referred to as 128-, 192-, or 256-bit keys.

The longer the bit key length, the greater the security of the AES system. However, even the smallest bit key (128) remains resistant to “brute force attacks” such as a supercomputer rapidly generating and applying numerical codes in an attempt to decipher the AES’s cryptographic algorithm. It is estimated that it would take a supercomputer more than 100 trillion years to crack a 128-bit AES.

WinZip Enterprise uses AES encryption with a 128-, 192-, or 256-bit key to encrypt and decrypt data. With AES encryption and secure password protection, your files are protected as you share them via email, cloud-storage systems, or with portable storage devices.

Since WinZip Enterprise also compresses your encrypted files, they are easier to upload and share. Word-based documents, for example, have files that can be compressed to 90% of their original size. It can also compress MP3 files by 15 to 20% and JPEG files by 20 to 25% without loss to photo or audio quality or data integrity. Excel files can be compressed up to 93% but rates vary significantly, since Excel files may have embedded images or other elements that affect compression size.

These compressed files can be transferred much faster than their uncompressed versions.

It takes one tenth of the time to transmit a compressed file than it takes to send the original (uncompressed) file. Since users spend less time waiting for files to transfer and download, these faster transfer times help improve employee productivity.

In addition, compressing files helps companies cut data storage costs, which can be significant. For example, enterprise-class hard drives can cost hundreds of dollars, and cloud-based storage solutions are often priced based on the amount of data stored.

With its encryption and compression capabilities, WinZip Enterprise keeps your organization’s data safe, reduces data storage requirements, improves productivity, and helps prevent costly and detrimental data breaches.

Explore how WinZip Enterprise can help your company encrypt its digital assets.

Top five benefits of secure enterprise file storage

Today’s work environments are changing, thanks to the ongoing global pandemic plus new technology advances. The days of dedicated workstations with an assigned computer are over—55% of global businesses currently offer some capacity for remote or hybrid work.

This shift means that employees now access work-related data and software applications via multiple devices such as laptops, tablets, and smartphones. The number of devices used continues to increase: Workers operated on an average of three devices in 2019 and will use an average of four by 2024.

More than 50% of employees access data on personal devices such as their own laptops and smartphones—often via unsecured networks such as public Wi-Fi. Accessing sensitive data on unsecured networks or devices increases cybersecurity risks, including data theft, ransomware, and viruses.

Cybersecurity attacks on businesses continue to increase

Cyberthreats continue to increase in number and severity. By September of 2021, the year’s data breaches outnumbered 2020’s by more than 17%. Cyberattacks also increased by 27% last year—and cost companies an average of $1 million more when remote work was a factor in the attack.

Cyberattacks pose real threats with file storage, which is the method used to organize and store data on a hard drive or storage device. Portable devices such as flash drives are popular storage solutions for employees who need to move files between work and home environments, but they leave organizations more vulnerable to cyberthreats.

Although these devices are often essential for file sharing and storage, they pose numerous cybersecurity risks as they are easily lost, breached, or misappropriated.

Employees also often bring their own flash drives or USB devices to work, and these solutions may not offer the same protection as company owned and managed devices. Confidential information should therefore never be stored in employee-owned or commercial solutions.

Organizations should instead seek appropriate enterprise-level file storage solutions that meet industry and legal compliance requirements.

Depending on the industry and the strictness of its standards, these storage requirements will vary. Industries such as finance, healthcare, and insurance, for example, handle particularly sensitive information and are therefore subject to stringent, industry-specific standards regarding data storage.

Companies must shift to secure and reliable file storage solutions to protect their data, whether they need to meet the compliance requirements of a strictly regulated industry or not. This article will cover the benefits of enterprise-level software solutions for secure file storage.

1. Administrative controls to manage access and permissions

Regardless of your business type or industry, it is vital to maintain control over who can access what data. With a secure file storage solution, IT administrators have greater control over user permissions such as password protocols and encryption levels.

Secure file storage often includes multi-factor authentication (MFA), which is the use of personal identification numbers (PINs), passwords, fingerprints, and verification codes to access devices, systems, or files. This extra layer of protection reduces the risk of unauthorized access by up to 99%, thus limiting the potential for data exposure and loss.

Rather than providing shared credentials for groups of users, secure file storage uses individual credentials. This gives greater accountability to each user and helps reduce the risk of human error that can occur when certain access levels are not implemented.

Secure file storage and sharing also involve “least privilege access” models, which ensure each user has only the access privileges needed to complete their specific responsibilities. Through custom controls, administrators can also temporarily provide higher access controls on an as-needed basis. These access controls can immediately be revoked after task completion.

2. Industry-specific, military-Grade encryption and compliance

Employees may be familiar with commercial file sharing and storage solutions that are designed for user convenience. Although these solutions often provide appropriate storage for personal accounts, they lack purpose-built security controls regarding file backup and access.

These commercial-grade systems also typically lack the specific compliance features necessary in heavily regulated industries. Some of these common compliance regulations include the following:

  • Companies that handle cardholder data must comply with the Payment Card Industry Data Security Standard (PCI DSS). Requirements include practices such as managing access control, encrypting transmissions of cardholder data, strong password policies, and monitoring access to data and network resources.
  • Healthcare-related entities must comply with HIPAA rules regarding the protection of Electronic Protected Health Information (ePHI), which is all information that can identify an individual. Organizations must identify and protect against real and anticipated security threats to avoid unauthorized use of systems and unauthorized disclosure of personally identifying information.
  • Companies in the finance industry (or those that outsource finance-related operations to third-party vendors) must comply with System and Organization Controls (SOC). Certified Public Accountants (CPAs) utilize the SOC and its guidelines to ensure any outsourcing of data storage is compliant with industry standards.

Regardless of the industry and compliance measures, all industries should follow the military-grade encryption set forth by the Federal Information Processing Standards (FIPS). FIPS is the security standard for transmitting sensitive information.

Companies are deemed FIPS compliant when they adhere to defined data security and computer systems and encryption and decryption. Organizations may receive FIPS validation after undergoing a rigorous evaluation process.

3. Strong in-transit and at-rest encryption protocols

For heightened protection, all sensitive files should be encrypted. Encryption can be defined as the method of converting data into code that potential hackers cannot decipher. Encryption also supports regulatory compliance (for example, PCI DSS requires the encryption of card data when it is stored and when it is transmitted).

Files should be encrypted both in transit and at rest.

  • In transit protection protects data as it moves from one place to another, e.g., when data is sent via email.
  • At rest protection prevents cyberattackers from restoring a backup to an unsecured server, from making a copy of a database and its files, or from attaching these files to another unsecured server.

Off-the-shelf, consumer-level systems may provide some level of encryption; however, these systems often provide very little customization. This lack of agility can make these systems cumbersome for IT administrators who are already facing new challenges regarding system and data protection due to the increase in remote work and the subsequent increase in device types used.

Enterprise-level security systems offer custom solutions––such as password protocols and custom file read-write privileges––to address these critical security concerns.

4. Data backups to prevent loss

As backing up data becomes a crucial component of business technology practices, the volume of data storage (the means in which digital data is stored on computers or other devices) increases. Data storage is estimated to have increased from 260 million units in 2020 to 2.9 billion units in 2021 (one unit is equivalent to 1 million pieces of data).

A secure file storage system will automate business-critical tasks such as securing backups locally (and/or to the system’s cloud). Cloud-based file storage automates the backup process, while policies such as Windows Information Protection (WIP) help secure business data stored on both employee and company-owned devices.

IT admins can use WIP to add tags to corporate data that trigger automatic data encryption when files are downloaded from or saved to a company’s storage solution. These features help to reduce human errors, such as forgetting to back up data.

Enterprise-level storage solutions typically offer both on-site and cloud backups so that stored files are both secure and readily accessible to authorized users.

Building this redundancy into storage systems prevents data loss in the event of one method storage solution being compromised. Through features such as data monitoring and logging, company leaders can rest assured that their backups include all relevant data.

5. Long-term data retention requirements

Industry regulations may require that data be maintained for several years (or even for the duration of an individual’s life). Examples of industry-related data protection requirements include:

  • Occupational Safety and Health Administration (OSHA). OSHA requires businesses to maintain employee records for at least seven years after an employee’s termination. It additionally requires employers to maintain medical exposure records for 30 years.
  • Sarbanes-Oxley Act (SOX). SOX requires all businesses to retain records––including electronic records such as files––for a minimum of five years.

Additionally, many data privacy and protection regulations—such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA)—have specific requirements regarding data retention that are not industry specific. It is therefore vital that organizations choose storage solutions that can safely maintain data long term.

Securely store files with WinZip Enterprise

To securely store their data, many businesses turn to enterprise technology systems such as WinZip®Enterprise. This solution protects data in transit and at rest via several different encryption methods, including the Federal Information Processing Standards (FIPS).

WinZip Enterprise provides FIPS 140-2 compliant security. Developed by the National Institute of Standards and Technology (NIST), FIPS 140-2 identifies security requirements for cryptographic modules to ensure protection of government’s sensitive data.

This solution also secures data backups with Advanced Encryption Standard (AES) 256-bit encryption. Although AES 256-bit encryption was initially developed for the US government in 1997, it is now available to businesses that require higher levels of data security.

WinZip Enterprise is a WIP enlightened application, which means IT can set custom storage access and use restrictions within the WIP policy. This both protects information and prevents data loss while empowering IT admins.

Additionally, to save storage space (and lower the ever rising costs of data storage and security), WinZip Enterprise finds and flags duplicate files. This helps to lessen the strain of capacity storage limits for businesses.

Discover the benefits of WinZip Enterprise to enable secure file storage within your organization.

Enable secure file sharing on removable storage devices

More than half of US employees hold jobs that could at least partially be completed via remote work, and 80% of employees would like to work remotely, at least part-time.

Of those currently working from home, 77% report feeling fully productive while doing so. In addition to increased employee productivity, organizations that permit remote work experience 25% less turnover than those requiring employees to work on-site.

Remote work is therefore not only convenient but may be a necessity for companies to retain current employees and attract new talent.

With more and more companies enabling their employees to work remotely, the need to secure shared files is more important than ever. However, offsite workers create new cybersecurity vulnerabilities for companies and their data, such as data breaches.

2021 was a record-breaking year around the world for data breaches, and ransomware was also on the rise. The US Treasury Department financial crimes investigation unit (FinCEN) reported suspicious transactions regarding ransomware amounting to $590 million in just the first half of 2021 alone. This figure is significantly higher than the total for 2020, which was $416 million.

The shift from in-office to remote work has made companies even more vulnerable to these threats.

The security threats of removable media

Viruses, malware, and other cyberthreats often infiltrate businesses via removable storage devices, such as USB flash drives. These easy-to-transport devices are common methods for saving and sharing data, but they can easily be lost or stolen.

Since removable storage devices are often plugged into multiple devices to copy or share data, they are prime carriers of malware from device to device. Just one infected device could infect and corrupt an entire enterprise’s system and files.

Since 2011, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned that USB sticks and other portable devices appeal to attackers, yet many companies continue to use them today. CISA urges the use of security solutions to keep data on these devices safe.

In this article, we’ll explore what methods you can use to secure shared and stored data on portable storage media, and explain how WinZip® SafeMedia™ can help provide file security on removable devices.

Virtual vs. physical file sharing methods

When businesses share data internally or externally, users can send information in one of two ways: over a network via file sharing systems or using physical storage devices. Let’s take a closer look at each.

Virtual file sharing

Common types of virtual file sharing systems include cloud-sharing solutions, virtual data rooms (VDR), peer-to-peer networks (P2P), and file transfer protocols (FTP).

Peer-to-peer networks use software that enables computers to communicate with one another. In P2P sharing, a software program locates other computers connected to the network and identifies the one(s) that have the files a user needs.

These network computers are called peers because they are ordinary computers rather than servers. When the P2P file-sharing software locates the desired files, it initiates the download process.

File transfer protocol operates on two communication channels:

  • The command channel, which is where FTP initiates the instruction and response.
  • The data channel, which is where data distribution occurs.

The end user’s device is the local host and connects to a remote host, which is typically a server. The user logs on to the FTP server and requests to download a file. This initiates the transfer process.

Virtual data rooms are secure online platforms commonly used for an organization’s financial transactions such as mergers and acquisitions as well as fundraising. VDRs offer features such as access control, data encryption, and version control. These features make it so that documents and data can be shared safely without the risk of legal liabilities.

Cloud-sharing solutions store files to an online file-sharing service that uses cloud storage. Users upload files from the service’s control panel, and when a file is uploaded, the server generates a URL that can be used to enable others to access and/or download the content.

Physical file sharing

While cloud-based file sharing may seem increasingly common, just 42% of enterprises used cloud-based storage in 2020. This indicates a consistent need for other methods of data sharing for both remote and in-office work.

One common method of file sharing is through removable storage devices, which are lightweight, portable data-saving devices that provide data storage when connected to a computer, network, or information system. Examples include:

  • External hard drives.
  • CDs, DVDs, and Blu-ray discs.
  • USB sticks (also known as thumb drives, memory sticks, or flash drives).
  • External solid-state disc (SSD) drives.

Any form of data storage not integrated into the computer itself is considered removable storage. Removable storage devices provide a form of data backup that is separate from the centralized computer system, enabling users to transport data back and forth from any number of locations.

Thanks to their small size and portability, removable storage devices are a popular tool for storing and sharing data. They also don’t require power to operate outside of the power derived from plugging them into the end device.

Removable storage devices are also methods of data storage that can be used with or without an internet connection to transfer between two physically present devices. They can safely store data on a physical device––rather than in the cloud––which provides both perceived and actual control over data.

Data storage using the 3-2-1 method benefits from removable storage devices. This strategy involves creating one primary backup and two copies of the data.

The backups should be saved to two different types of media, and at least one backup file should be stored offsite. This reduces the damage of a single point of failure, such as a stolen device or a system crash.

Top risks of file sharing via portable storage devices

Although portable storage devices offer easy-to-use solutions for data storage and file sharing, they propose real risks to data privacy. Some of the more notable risks include the following:

Data breaches. One of the most critical risks associated with removable storage media is the potential exposure of sensitive data. In many industries, this exposure could constitute violations of data and privacy compliance.

When data breaches occur in entities that must adhere to privacy-related compliance regulations, the ramifications can be severe: They can harm an institution’s reputation, lead to operation downtime, and are costly regarding data recovery and potential legal fees from privacy sharing violations.

To protect data stored on such devices, USB sticks and other removable media should be encrypted. This renders all data useless to unauthorized users in the event the device is lost or stolen. Unencrypted removable media can be infected with malicious software, and users can unknowingly spread malware and other data security risks such as viruses between devices.

Theft or loss. Should a removable storage device fall into the wrong hands, it could provide unauthorized entry into a business network. Private information about the business or its clients and customers could be leaked, internal systems could be compromised, and data could be lost.

Malware. Portable storage devices can also be infected with malware or viruses when they are connected to an infected computer or network. If an employee were to open a compromised file from a corrupted portable storage device, they may expose their device or network to malicious programs that could harm their files and other network files.

Violation of privacy laws. Insurance companies, law firms, hospitals, financial services, and numerous other industries typically store and share large volumes of sensitive data. As such, many must follow government and industry-specific data privacy regulations. These regulations can have strict policies regarding authorized data access and methods of file storage.

Protect portable data with WinZip SafeMedia

With so many threats to business systems and data, many organizations find themselves in need of enterprise-level services and products for data storage. These solutions must provide security controls, regulate file access, and offer compliance-friendly file protection, sharing, and storage.

To protect files stored and shared on removable storage devices (and keep data secure even when users are on the move), many companies use a solution like WinZip® SafeMedia™, a solution that secures and compresses data stored on removable devices.

WinZip SafeMedia uses bank and military-grade encryption that complies with all major data privacy regulations including the Federal Information Processing Standard (FIPS) 140-2 and FIPS 197. This enables businesses to reap the benefits of file sharing through portable storage devices and removes the risks associated with this form of file storage and transfer.

WinZip SafeMedia also enables IT administrators to easily uphold protocols and standards that defend businesses against online and offline threats via administrative controls, which include:

  • Enforcement of rules and policies across networks and affected employees.
  • Forced encryption and default password requirements.
  • Password protection for all discs burned by users.
  • Individual and group permissions.
  • System logs, including all files secured to removable media.

Through encryption and password protection, WinZip SafeMedia ensures the right employees have safe access to data and are compliant with company-wide security protocols. Access controls are easily customizable to ensure updated and secure access to the right parties. Should an employee leave the company or change roles, their access can be revoked or updated instantly.

Thanks to its ease of use, enterprise-wide implementation of WinZip SafeMedia is a straightforward process. Users simply drag and drop files to burn copies of CDs and DVDs or copy data onto other forms of portable storage devices.

With WinZip SafeMedia, file sharing is not only safer, but also faster. This is because file compression capabilities do not impact file quality. Since compressed files transmit at one-tenth of the speed of a full-sized file, users spend less time waiting on file transfers and downloads.

Discover how WinZip SafeMedia can help your business securely share files on removable storage devices.

Learn more about WinZip Enterprise today!

Get a Quote

Connect With Us