Easy old school encryption ( attach an encrypted file )

We send out encrypted files all the time as we have important regulations we need to adhere to.  Now we need to get some of our modified data back from our onsite contractors and they do not have access to our "automatic in-house resources"

We have many onsite people in many different offices that need to encrypt files, attach them and send them back.  Sending out instructions ahead of time is not going to work as they will be ignored or they will call to ask what the email says.  

Is there some sort of Hippa certified website that we can pay a few dollars a month for?  Is there a web link that will encrypt a file?  

thx
TIMFOX123Asked:
Who is Participating?
 
EirmanChief Operations ManagerCommented:
@andreas
But this left unencrypted temp copyies on the contractors system that can be restored with data recovery tools.
You are probably right, but that is not an issue for the OP (at least I think so).
They will probably be saved locally from time to time anyway.

The important thing is that the documents are always encrypted when emailed
with the least amount of fuss for the various contractors.

One other useful feature for contractors would be the "Add To Archive" for new documents. Using a global/default password in the archive would mean contractors wouldn't have enter a password to encrypt the new file.

You can password winrar archives in 2 ways ....
1) Global/default password: You use the password once to open the archive and list the files.
   You can then open/edit all file without a password.

2) You don't need a password to open the archive and list the files.
    You need a password to open/edit individual files.
0
 
andreasSystem AdminCommented:
How about operating a web-service yourself which uses ssl encryption to let the outside contractors upload the files to you.

Im not sure such a process fulfills the hippa requirements but the file is encrypted once left the System of the contractors during upload, on reception of the file your server could encrypt it your usual way and save them on hdd or forward them.

Just an idea. The web service you are asking for had the same problem, that the files are ssl encrypted only on upload, so if they can make it hippa complaint you should be able to to it too.
0
 
PcGod718Commented:
ive used these guys in the past without issue, but its only ssl, i dont know if that will satisfy your hipaa requirements though.
https://www.filesdirect.com/blog/ssl-encryption-for-large-files
https://www.filesdirect.com/file-transfer-features/secure-file-transfer
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
footechCommented:
I know Box.com encrypts files at rest that are uploaded to them.  In transit the files are protected with SSL.  I don't have a link that shows this, but I know we chose them because they fulfill our needs for PCI and HIPAA compliance.
0
 
EirmanChief Operations ManagerCommented:
Keep all your files within a ZIP (or better RAR) archive.
When your contractors receive the archive, they open it (but DO NOT extract/decrypt any files).
They can open individual files and edit/print them, and close the archive.

This way the files stay encrypted all the time
The contractor only has to email one file back to you.
The contractor doesn't have to encrypt anything.

(I recommend Winrar for this)
0
 
NVITCommented:
@Eirman,

When your contractors receive the archive, they open it (but DO NOT extract/decrypt any files). They can open individual files and edit/print them, and close the archive.

Sounds conflicting. Please clarify this step.
0
 
EirmanChief Operations ManagerCommented:
Suppose the password protected archive is called ProjectX.rar and it contains .....
Doc1.doc
Doc2.doc
Doc3.doc
Doc4.doc
Expenses1.xls
PresentationX.ppt

When the contractor opens ProjectX.rar they will see the above list  ~~~~ The documents are still encrypted.
They open a document for editing (Password required) ~~~~ The documents are still encrypted.
They edit the document and save it ~~~~ The documents are still encrypted.
They close the archive and Winrar asks if "you want to update the archive" ~~~~ The documents are still encrypted.
The normal answer to the above would YES ~~~~ The documents are still encrypted.
The updated archive is emailed back ~~~~ The documents are still encrypted.

With this workflow, the documents always remain encrypted so the contractor does not have encrypt them.
0
 
NVITCommented:
I see. So the files aren't extracted, separating it from the archive. Thanks, Eirman
0
 
EirmanChief Operations ManagerCommented:
It's just as well you asked NewVillageIT
Things should be a lot clearer to the OP now.
0
 
andreasSystem AdminCommented:
Will win rar really map the access to the opened file transparently to the inside of the archive?

I think it will extract the opened encyrpted files, save a unencrypted temporary copy, then word/other app operates on that temp copy. And on release of the temp file handle trom the app winrar is updating the encrypted file in the archive and deltes the temporary file.
But this left unencrypted temp copyies on the contractors system that can be restored with data recovery tools.

But its only a guess on how winrar works, ive not looked at it for a few years, maybe now it has better integration in windows and can transparently handle this. But last ime ive seen winrar it was surely the temp file method.
So you should check it out b4 using this approach. You may chack it with tools like filemon, procmon from sysinternals.

[UPDATE]

I've just checked with sysinternals procmon myself, and yes. The file will be unencrypted by winrar, then saved to the users profiles temp path and then after editing winrar will put it back into the archive. So my above guessing is still valid today.
0
 
TIMFOX123Author Commented:
So many great answers.

My solution is in this but due to hippa I should not say which one.

Thank you all
0
 
andreasSystem AdminCommented:
Hippy is really depending on security through obscurity? If yes its not a good concept, but neverthemind, many of such certifications arent ;)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.