How To forum

Question

How do I transfer files securely?

by Clauderz / August 4, 2014 9:52 PM PDT

I have to send some private files to my accountant, but I'm not sure how to do that securely. Can someone recommend me an encryption service?

Discussion is locked
You are posting a reply to: How do I transfer files securely?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: How do I transfer files securely?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

All Answers

Collapse -
Answer
Re: encryption
by Kees_B Forum moderator / August 4, 2014 9:57 PM PDT

I'd use a zip-program (like free 7zip) to compress those files and set an encrypion key on the resulting zip-file. Then mail the zip-file to your accountant as an attachment and in a seperate mail tell him the encryption key.
No need to use a service on the web.

Kees

Collapse -
Answer
How secure must it be?
by R. Proffitt Forum moderator / August 5, 2014 4:55 AM PDT

The usual ZIP and password should suffice unless you think you need protection from the usual three letter governmental agencies. In that case we have to move beyond what you find online as all fail to address a common flaw.

And mail/shipping is now less secure than it ever was:
http://www.businessweek.com/news/2014-07-17/fedex-indicted-for-distributing-controlled-drugs-online
"
Basic Tenet

FedEx said last year that an indictment or prosecution in the case would threaten a basic tenet of its shipping business - - not opening packages.
"
Sounds to me that you should put them on a memory stick and hand it to them directly if you must keep it safe.
Bob

Collapse -
Answer
Encryption
by PChem / August 6, 2014 12:11 AM PDT

I wouldn't trust vanilla .zip file encryption, period. The only app I'd trust is Truecrypt. It's compromise is questionable, and its encryption is second to none.

If you have to do it by e-mail or DVD, I'd use Truecrypt (only v7.1a, NOT 7.2 readonly one!!). Use very long key, 25+ characters. Send encrypted files and the key over separate cover. Ideally send files on DVD via US Mail, and use separate US Mail letter for key, with no identification of what its a "key to"; just the key. The recipient should be alerted and will know what to do with the key when they receive it. Of course be sure to point recipient at the source to download Truecrypt. You can walk them through the install if needed.
I'd use Steve Gibson's website: https://www.grc.com/misc/truecrypt/truecrypt.htm

Alternatively, you'd have to set up a VPN connection with the party receiving it. Probably not possible with most small businesses.

**** Luck,
PChem

Collapse -
Answer
Securely Send
by bcsman79 / August 6, 2014 9:15 AM PDT

You could try letting a cloud based service send the file. You could try out Securely Send - Securelysend.com.
It allows you to send the file as an encrypted message with links only to the intended recipients.

Collapse -
Answer
Couple of ways
by AndyCBSNEWS / August 6, 2014 3:54 PM PDT

The easiest way, without the need for either person to install any software, is to use a service like https://www.sendfilessecurely.com . It handles all of the encryption for you and you can password protect it. You upload the file; they download the file. Simple, secure, and free. This is the service I've used with my accountant and mortgage lender.

If both you and the other person are willing to install software, use something like http://www.axantum.com/AxCrypt. This is arguably more secure since the encryption happens on your PC, but it requires you both to have the software installed which is not always an option.

Collapse -
Answer
Encrypted transfer
by IffehWaz / August 7, 2014 6:55 PM PDT

If you don't want to register or pay for your transfer, pCloud Transfer is an option https://transfer.pcloud.com/ .
However, if you want to use an encryption software, try searching for cloud-based services like bcsman79 pointed out.

Collapse -
Answer
Do Folks Really Understand What "Secure/Private" Means?
by PChem / August 7, 2014 10:28 PM PDT

I'm seeing replies about using Cloud Services and sending your data somewhere to be encrypted, etc.
The ENTIRE point of Secure/Private is to have the data in as few hands as possible, and for you to control exactly whose hands touch it. I know I suggested U.S. Postal Service to send encrypted data and separate key, but at least all data was pre-encrypted by you personally, and it's a felony to tamper with it (and pretty anonymous amongst the millions of letters sent every day). Pretty hard to find it unless you're on "their" list.
Any "cloud" service has unknown/questionable ability to handle your critical data. Are they doing due-dilligence on their Server security? Are you handing them anything not encrypted? Big mistake in my book.
We already know GMail is "scanned" like it or not (this weeks article on catching child porn "bad guys.")
Frankly, I wouldn't trust anyone with my truly sensitive data. Want convenience of "cloud", then set up your own on your home network with a NAS, and access it through VPN (capable on many Routers). Putting pictures of yourself and your family for public access? Your travel plans? Your tax info (SS #, etc.) No thanks. Just sit back and think about it. Yes, the Gov. and NSA can probably get at anything they want, but don't make it dumb-***-easy for them. Or for the Black Hat hackers in Eastern Europe and Asia. Remember, your data starts out secure in your hands and in your house. Then YOU are the one that compromises it for convenience or through lack of knowledge.

PChem

Collapse -
Reality?
by AndyCBSNEWS / August 8, 2014 3:11 PM PDT

PChem, what you say is absolutely true, but as Steve Gibson often eludes to, there is a balance between usability and security that we all have to decide upon. Sure I can encrypt a hard drive with TrueCrypt and mail it to my accountant, but is he going to know what to do with it. It depends, but my experience is that it's not likely. I once tried four different methods to get my financials to a loan officer in a secure manner. Every method failed for one reason or another... he didn't have permission to install certain software, their firewall blocked the self-extracting encrypted .exe, etc. The fact is security is difficult for the average person. Thus we have to compromise a little if we want usability which may result in using something like an encrypted cloud service.

Oh, and do YOU really understand what "secure/private" means? I assume you do and you make your own computer components from scratch, right? Or are you placing your trust in the manufacturers of said components which probably come from another country?

Collapse -
I sure do!
by PChem / August 11, 2014 2:40 AM PDT
In reply to: Reality?

Yes I understand what secure/private means quite well, thank you. Most folks do not. And sending anything off to the Cloud is NOT. I quite successfully sent Truecrypt'ed files to my lawyer, and he opened them easily with the software already on the CD; and he is NOT a techie. My clear instructions and set of files is all one needs.
You don't send a self-extracting .exe, that gets flagged by the System and A/V for sure (but should still be OK after a scan). Send a file with no extension. Truecrypt let's you manually browse to the file. If an accountant can't follow simple directions, I'd seriously consider getting a new one.
Another advantage of sending encrypted files, is that if the accountant leaves the CD lying around, it still does nobody any good because they don't have the decryption key.
Bottom line: If you are sending your SS # and other such info to ANYONE you are not familiar-with in an un-encrypted manner, along with personal financial information, your are taking risks I would never be comfortable with. But it's your identity, not mine. Do as you please. Convenience will be most people's Achilles' Heel. The 1-2 hours of extra effort to perhaps drive somewhere and hand-deliver a package is inconvenient. But its' nothing compared to the 1-2 years to get our from under an Identity Theft.
I most certainly do build my own PC's from retail parts and software. No crapware, no OEM-hobbled boards. Performance: outstanding.
If the NSA wants to get at my machines, neither you nor I will stop them. But with proper personal security practices, NAT-router, software Firewall, and A/V, I'm at least doing my due diligence to discourage the "easy-pickens" black-hats.

Good Luck
PChem

Collapse -
Reply
by AndyCBSNEWS / August 13, 2014 12:28 PM PDT
In reply to: I sure do!

Try telling someone's mother that your "clear instructions" are all they need. I'm guessing you don't deal much with the computer illiterate.
And I didn't mean building your own PC with retail parts. I was referring to making the parts yourself from scratch. You "think" you are secure, but if you didn't manufacture your computer components, router, software, etc. yourself then you are no better than the person trusting a cloud provider.

Collapse -
SYNTAX ERROR
by Ferretkeeper / August 13, 2014 6:33 AM PDT
In reply to: Reality?

"PChem, what you say is absolutely true, but as Steve Gibson often ELUDES to, there is a balance between usability and security that we all have to decide upon"

alludes

Collapse -
LOL
by AndyCBSNEWS / August 13, 2014 12:11 PM PDT
In reply to: SYNTAX ERROR

Welcome to the Internet! A place where people take time to leave a comment that has nothing to do with the discussion at hand, but instead corrects one spelling/grammar error (ignoring the fact that people leave comments from various devices that are known to incorrectly auto-correct). Bravo Ferretkeeper, bravo.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GIVEAWAY

Turn up the volume with our Apple Byte sweeps!

Two lucky winners will take home the coveted smart speaker that lets Siri help you around your connected house. This sweepstake ends Feb. 25, 2018.