Results 1 to 14 of 14

Thread: best way to send confidential documents securely?

  1. #1
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,334
    Thanks
    1,680
    Thanked
    1,277 times in 954 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    best way to send confidential documents securely?

    Need to get some docs to a solicitor but can't get there in person. What's the most secure way of doing it? I can encrypt a zip file but it relies on them using 7zip to open it. Or I can dropbox it, but then it's out in the cloud, and I'm not sure I'm good with that in an unprotected form. Same reason I don't want to just email pdfs...

    I can't be the first person to have this problem. What do people do?

  2. #2
    Banned
    Join Date
    Jun 2008
    Posts
    2,129
    Thanks
    13
    Thanked
    189 times in 160 posts

    Re: best way to send confidential documents securely?

    Fax it.

  3. #3
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: best way to send confidential documents securely?

    Post with guaranteed and signed for delivery. Costs about £4.

    Although in my (limited) experience most solicitors just use insecure e mail, but depends what aspect of security you are concerned with, privacy, assured delivery, non-repudiation or availability.

    Post pretty much ticks all those boxes, as does fax, at least to the point of delivery to the solicito's office. Email rarely goes astray if it is correctly addressed and the odds of it being intercepted in transit is very low, so it also ticks all the boxes apart from non-repudiation, and is potentially more private if it goes to the desk of the intended recipient. However you are relying on the underlying security of the recipients IT system to keep it safe, but since your documents may be scanned or otherwise stored electronically at some point that is true regardless of the transmission method.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  4. Received thanks from:

    ik9000 (20-12-2014)

  5. #4
    Registered User
    Join Date
    Dec 2014
    Posts
    1
    Thanks
    0
    Thanked
    1 time in 1 post

    Re: best way to send confidential documents securely?

    I run into the same thing all the time. If both parties can install 7zip, that's a good way to go- AES encrypt, share the password, and you are done. However, that's not always an option, so I use sendfilessecurely.com. It's free, doesn't require any software, and encrypts both while transmitting as well as when stored (yes, it's in the cloud, but it's stored encrypted which is about as secure as you can ask for). You upload, send the link, and the other person downloads via their browser.

  6. Received thanks from:

    ik9000 (20-12-2014)

  7. #5
    Not a good person scaryjim's Avatar
    Join Date
    Jan 2009
    Location
    Gateshead
    Posts
    15,196
    Thanks
    1,230
    Thanked
    2,291 times in 1,874 posts
    • scaryjim's system
      • Motherboard:
      • Dell Inspiron
      • CPU:
      • Core i5 8250U
      • Memory:
      • 2x 4GB DDR4 2666
      • Storage:
      • 128GB M.2 SSD + 1TB HDD
      • Graphics card(s):
      • Radeon R5 230
      • PSU:
      • Battery/Dell brick
      • Case:
      • Dell Inspiron 5570
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 15" 1080p laptop panel

    Re: best way to send confidential documents securely?

    Quote Originally Posted by ik9000 View Post
    ... I can encrypt a zip file but it relies on them using 7zip to open it. ...
    Make sure it's a .zip file and use zipcrypto and it'll open fine in Windows Explorer. It's not ideal, but it's better than nothing. Or ask if they're able to install something like AxCrypt, which does single file encryption. Or set up a password protected area on a cloud service. The issue with all of those option, thought, is that you still need to transmit a password to them somehow, so you're only really adding complexity, not security - there's still going to be an unsecured transport stage involved.

    Royal Mail signed for is probably your safest, if slowest, option - and ultimately that's still not secure from an unscrupulous posty or someone intercepting the mail. But ultimately, if someone *really* wants to read your documents they're going to find a way to do it anyway, so is what you're sending really sensitive enough to warrant all the hassle of securing it?

  8. Received thanks from:

    ik9000 (20-12-2014)

  9. #6
    DILLIGAF GoNz0's Avatar
    Join Date
    Jun 2006
    Location
    Derby
    Posts
    10,872
    Thanks
    632
    Thanked
    1,192 times in 945 posts
    • GoNz0's system
      • Motherboard:
      • Asus Rampage V Extreme
      • CPU:
      • i7 something X99 based
      • Memory:
      • 16gb GSkill
      • Storage:
      • 4 SSD's + WD Red
      • Graphics card(s):
      • GTX980 Strix WC
      • PSU:
      • Enermax Galaxy 1250 (9 years and counting)
      • Case:
      • Corsair 900D
      • Operating System:
      • win10 64bit
      • Monitor(s):
      • Dell 24"
      • Internet:
      • 220mb Cable

    Re: best way to send confidential documents securely?

    my work payslip pdf has a password, simple enough?

    Capitalization is the difference between helping your Uncle Jack
    off a horse and helping your uncle jack off a horse.

  10. Received thanks from:

    ik9000 (20-12-2014)

  11. #7
    Account closed at user request
    Join Date
    Aug 2003
    Location
    Elephant watch camp
    Posts
    2,150
    Thanks
    56
    Thanked
    115 times in 103 posts
    • wasabi's system
      • Motherboard:
      • MSI B85M-G43
      • CPU:
      • i3-4130
      • Memory:
      • 8 gig DDR3 Crucial Rendition 1333 - cheap!
      • Storage:
      • 128 gig Agility 3, 240GB Corsair Force 3
      • Graphics card(s):
      • Zotac GTX 750Ti
      • PSU:
      • Silver Power SP-S460FL
      • Case:
      • Lian Li T60 testbanch
      • Operating System:
      • Win7 64bit
      • Monitor(s):
      • First F301GD Live
      • Internet:
      • Virgin cable 100 meg

    Re: best way to send confidential documents securely?

    Quote Originally Posted by ik9000 View Post
    Need to get some docs to a solicitor but can't get there in person. What's the most secure way of doing it? I can encrypt a zip file but it relies on them using 7zip to open it. Or I can dropbox it, but then it's out in the cloud, and I'm not sure I'm good with that in an unprotected form. Same reason I don't want to just email pdfs...

    I can't be the first person to have this problem. What do people do?
    Have used 7zip and stuck a copy of 7zip portable (http://portableapps.com/apps/utilities/7-zip_portable) on the CD with the files. Brief open this, then this, use password I phoned through earlier instructions included...

    Or use a PDF passwording tool and a LONG pw, although they're not that great.

  12. Received thanks from:

    ik9000 (20-12-2014)

  13. #8
    Large Member
    Join Date
    Apr 2004
    Posts
    3,720
    Thanks
    47
    Thanked
    99 times in 64 posts

    Re: best way to send confidential documents securely?

    I have to say 7-zip seems the most appropriate out of any of the suggestions.

    This post probably is not helpful if the question is 'how should i send these files securely?'. But if instead we are debating the methods, all suggested thus far are flawed, including the OP's suggestion.

    7-zip is open source software however. If you have the ability (and inclination of course) you can exmaine the sources of the version you are using and see precisely what it does. If you are content with the way it works you could ensure that the recipient is also running the same build. The problem is of course both sender and recipent are reliant in the process on other levels of abstraction who's details to which they are not privy, not to mention the security of the environment of the sender and recipient before and after decryption respectively, and whilst we're at it, the security of the documents in the hands of human beings.

    The gist of which is that in theory - as far as I'm concerned and to which I would advise others is the case - no method is as secure enough. In practice, perhaps 7-zip isn't perfect, but it sits somewhere near the top of the pile as an imperfect solution to the problem.
    To err is human. To really foul things up ... you need a computer.

  14. Received thanks from:

    ik9000 (20-12-2014)

  15. #9
    Not a good person scaryjim's Avatar
    Join Date
    Jan 2009
    Location
    Gateshead
    Posts
    15,196
    Thanks
    1,230
    Thanked
    2,291 times in 1,874 posts
    • scaryjim's system
      • Motherboard:
      • Dell Inspiron
      • CPU:
      • Core i5 8250U
      • Memory:
      • 2x 4GB DDR4 2666
      • Storage:
      • 128GB M.2 SSD + 1TB HDD
      • Graphics card(s):
      • Radeon R5 230
      • PSU:
      • Battery/Dell brick
      • Case:
      • Dell Inspiron 5570
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 15" 1080p laptop panel

    Re: best way to send confidential documents securely?

    Quote Originally Posted by scaryjim View Post
    Make sure it's a .zip file and use zipcrypto and it'll open fine in Windows Explorer....
    Got paranoid that I was giving bad advice so I've tested this at work. If you use ZipCrypto as the encryption method this works fine. If you use AES-256 Windows can't extract the file. ZipCrypto is pretty weak, but would deter casual snoopers. So as I said previously, the real question is just how sensitive the documents are, and how much effort you're willing to go to to protect them....

  16. Received thanks from:

    ik9000 (20-12-2014)

  17. #10
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: best way to send confidential documents securely?

    Might be worth asking the recipient what sort of security they use, and expect you to use, and more importantly, what they will accept. Some gateways will not accept encrypted files because they cannot be scanned for malware.

    do you think your documents are likely to be targeted, and what is the impact if they weren't delivered or if the contents were divulged?
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  18. Received thanks from:

    ik9000 (20-12-2014)

  19. #11
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,459
    Thanks
    1,539
    Thanked
    1,022 times in 868 posts

    Re: best way to send confidential documents securely?

    You can also create self-extracting archives with 7zip, but the output is an exe which can itself cause issues with some email systems (for obvious reasons, as exe attachments have the potential to be malware, etc).

    Perhaps the receiving party uses PGP? If so, and you do, then that would be another way. Either way though, you need a solid way of ensuring you're 'talking' to the right person, whether it's PGP chain of trust, or pre-shared passphrase, etc. Obviously, sending the password in the same email as the attachment makes it a bit pointless.

  20. Received thanks from:

    ik9000 (20-12-2014)

  21. #12
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,334
    Thanks
    1,680
    Thanked
    1,277 times in 954 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: best way to send confidential documents securely?

    we took them as paper prints hand delivered. PITA but much happier that way than having it sat on an email server and pushed to someone's smart phone.

  22. #13
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: best way to send confidential documents securely?

    Quote Originally Posted by ik9000 View Post
    we took them as paper prints hand delivered. PITA but much happier that way than having it sat on an email server and pushed to someone's smart phone.
    And that is a very good point! It isn't enough to consider the security (in all aspects, confidentiality, integrity, availability etc) of just the transmission medium, you have to consider the security measures of the receiving organisation. It is an end-to-end process, not just the bit in the middle.

    That said, one would hope that a solicitors' office would be security conscious, although I'm not sure that hope is always realised. Security is as much a management process as it is of technical measures.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  23. Received thanks from:

    ik9000 (20-12-2014)

  24. #14
    Admin (Ret'd)
    Join Date
    Jul 2003
    Posts
    18,481
    Thanks
    1,016
    Thanked
    3,208 times in 2,281 posts

    Re: best way to send confidential documents securely?

    Quote Originally Posted by ik9000 View Post
    we took them as paper prints hand delivered. PITA but much happier that way than having it sat on an email server and pushed to someone's smart phone.
    Looks like I'm too late to matter, but my advice would've been two-fold. First, as per Peterb's last comment (before my quote) I'd suggest asking the solicitor. Some are tech-savvy. Some are .... erm .... dinosaurs.

    Second, depends on what the doc's are? Some have to be originals, not fax/photocopy/scanned PDFs, etc. Third, putting them in ANY other party's hands, be it email service, cloud service, Royal Mail (see note), secure confidential courier, etc, ALWAYS involves an element of risk, and sometimes the extent is unpredictable.

    So, if either the actual on-time arrival is critical, or the impact of losss is important, or the leaking of info contained is important, make the effort regardless of inconvenience and hand-deliver. But only you know how damaging non-arrival, or entire loss, wouod be.

    For instance, losing a payslip might be undesirable, for privacy reasons, but not a disaster. I have the actual Deeds to my house, and physically losing those would be, at the very least, one hell of a pain.

    So, decide according to nature and extent of risk, and damage caused if something goes wrong.



    Note. I don't trust even Royal Mail 'signed for' services, IF the nature of the document means loss could be a problem. I'm aware, for instance, of one Police service that used to issue court Summons papers via Recorded or Registered post, because, in the event of subsequent non-attendance on the court date, an arrest warrant would be issued. But proof of delivery wouod be critical in the subsequent ... consequences .... for ignoring a Summons. And, time and time and time again, when proof of delivery, on a signed-for service, was requested by the Police, over a Court Summons, RM were unable to provide proof of delivery. As a result, they stopped using it. That was quite a while ago, and thinfs may have changed. But the upshot was that if delivery fails, the best you can hope for is some compensation. It may be trivial if the result was, for instance, losing a house purchase.

    The ONLY way to be sure they arrive, safely and securely, is to hand-deliver, so IF the doc's are sufficiently important, do that.

  25. Received thanks from:

    ik9000 (20-12-2014)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •