Deliverables in PDF format

I don’t really know in what format you deliver your reports to your clients, and it would be great if you could comment on that - but here’s a tool that I’ve used before to turn a Word document into an “uneditable” (not saying it can’t be reversed) PDF version.

Reasons why you may want to do that:

1- You’re not giving out a template report document, which makes it harder for someone to edit or redistribute it.

2- Making sure that your Word document isn’t disclosing any information isn’t easy. I’d recommend looking at all the strings inside the binary (don’t forget the ucs2be ones, which a plain ASCII string scan misses) before sending it out.

http://www.pdfforge.org/products/pdfcreator/
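As an added example (not part of the original post), here is a small Python script that does the string check described above: it pulls printable strings out of a binary in ASCII, UTF-16LE (the 16-bit encoding commonly found inside Word binaries) and UTF-16BE, so the big-endian strings that a plain ASCII scan misses are covered too. The sample blob and the names in it are constructed for the demo, and `flag_sensitive` with its keyword list is my own helper, not anything the post mentions.

```python
import re

# Constructed sample "binary": an ASCII string, a UTF-16LE string and a UTF-16BE
# string separated by non-printable junk. Names and text are made up for the demo.
SAMPLE_BLOB = (
    b"\x00\x01\xd0\xcf"
    + b"Author: Jane Consultant"
    + b"\xff\xfe\x01\x02"
    + "Client: ACME Corp (internal)".encode("utf-16-le")
    + b"\x07\x13"
    + "Draft v2 - do not distribute".encode("utf-16-be")
    + b"\x07\xff"
)


def extract_strings(data, min_len=4):
    """Return (offset, encoding, text) for every printable run of at least
    min_len characters, checking ASCII, UTF-16LE and UTF-16BE the way
    `strings`, `strings -e l` and `strings -e b` would."""
    patterns = {
        "ascii": re.compile(rb"[\x20-\x7e]{%d,}" % min_len),
        "utf-16-le": re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len),
        "utf-16-be": re.compile(rb"(?:\x00[\x20-\x7e]){%d,}" % min_len),
    }
    hits = []
    for enc, pat in patterns.items():
        for m in pat.finditer(data):
            hits.append((m.start(), enc, m.group().decode(enc)))
    # A UTF-16 string also matches the opposite byte order shifted by one byte
    # (e.g. "lient: ACME" next to "Client: ACME"). Keep the longest hit and drop
    # any hit whose text is contained in one already kept; sort() is stable, so
    # equal-length ties go to the encoding checked first.
    hits.sort(key=lambda h: -len(h[2]))
    kept = []
    for hit in hits:
        if not any(hit[2] in k[2] for k in kept):
            kept.append(hit)
    return sorted(kept, key=lambda h: h[0])


def flag_sensitive(hits, keywords):
    """Pre-send check: return the hits containing any keyword (case-insensitive)."""
    lowered = [k.lower() for k in keywords]
    return [h for h in hits if any(k in h[2].lower() for k in lowered)]


if __name__ == "__main__":
    found = extract_strings(SAMPLE_BLOB)
    for offset, enc, text in found:
        print(f"{offset:6d} {enc:10s} {text}")
    for _, _, text in flag_sensitive(found, ["internal", "do not distribute"]):
        print("REVIEW BEFORE SENDING:", text)
```

On a real file, call `extract_strings(Path("report.doc").read_bytes())` and page through the output (or feed it a keyword list of client names and internal markers via `flag_sensitive`). The overlap rule is a heuristic: when a run decodes cleanly in both byte orders the encoding label is a best guess, but the text itself, which is what you are reviewing, is still reported once.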

Thanks


Introducing encrypted e-mail software

I already talked a bit about encryption software you can use to store files safely on your computer, but what about transferring sensitive information? What about sending sensitive information through e-mail?

For encrypted e-mail to work properly, we need software and/or practices on both ends. This means that if you want your communication with your clients encrypted, you need to get your clients to do something - which is not an easy thing to do. You just convinced your clients to pay attention to you and even sold them a product/service; now you need to use your m4d jedI skills to get them to encrypt their communication - good luck with that.

The truth is that most of them will pay attention: they are already putting money on the table for you, and they somehow trust that you will perform as expected or even far beyond their expectations; so why in the hell wouldn’t they say ‘yes’ to encrypted communications?

And so it begins. What are your options? What’s out there for you?

I personally use PGP (http://en.wikipedia.org/wiki/Pretty_Good_Privacy), in its GNU implementation (http://www.gnupg.org/). I represent myself with my Public Key (visible to anyone I want to share it with); clients use that Public Key to encrypt sensitive information and send it over. I then hold something very private, called a Private Key, which I need in order to decrypt any information that was encrypted using my Public Key. It works the same way in the other direction: I need to request the public key of anyone on the other side and use that public key to encrypt any sensitive information before I send it over.

So what do you encrypt? If you need to send some particularly sensitive files, you can simply use the GPG command-line utility to encrypt them and attach the encrypted files to your e-mail.
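As an added example (not code from the post), here is the key exchange and command-line encryption just described, driven from Python so that both ends can be shown in one run: two throwaway GnuPG keyrings stand in for the client and the consultant, the consultant’s public key crosses over, the client encrypts a file to it, and only the consultant’s private key gets it back. The names, e-mail addresses and report text are constructed; the script assumes GnuPG 2.1 or later on the PATH (it returns None otherwise), and the test keys are created without a passphrase purely to keep the demo non-interactive.

```python
import re
import shutil
import subprocess
import tempfile
from pathlib import Path

# Constructed identities for the two ends of the exchange (not real people or keys).
CLIENT_UID = "Client Contact <client@example.com>"
CONSULTANT_UID = "Pentest Consultant <consultant@example.com>"
CONSULTANT_EMAIL = "consultant@example.com"
SAMPLE_REPORT = "Finding 1: default credentials on the build server (constructed sample)\n"


def gnupg_usable():
    """True only if a GnuPG 2.1+ binary is on PATH (older releases lack --pinentry-mode)."""
    if shutil.which("gpg") is None:
        return False
    banner = subprocess.run(["gpg", "--version"], capture_output=True, text=True).stdout
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    return m is not None and (int(m.group(1)), int(m.group(2))) >= (2, 1)


def gpg(homedir, *args, stdin=None, check=True):
    """Run one gpg command against an isolated keyring (--homedir) in batch mode.
    The demo keys are created without a passphrase, so an empty one is supplied."""
    cmd = ["gpg", "--homedir", str(homedir), "--batch", "--yes", "--quiet",
           "--pinentry-mode", "loopback", "--passphrase", "", *args]
    return subprocess.run(cmd, input=stdin, capture_output=True, check=check)


def gpg_file_exchange():
    """Client encrypts a file to the consultant's public key; only the consultant's
    private key decrypts it. Returns the recovered text, or None if gpg is missing."""
    if not gnupg_usable():
        return None
    with tempfile.TemporaryDirectory() as tmp:
        client, consultant = Path(tmp, "client"), Path(tmp, "consultant")
        for d in (client, consultant):
            d.mkdir(mode=0o700)
        try:
            # 1. Each side generates its own key pair inside its own keyring.
            gpg(consultant, "--quick-generate-key", CONSULTANT_UID, "default", "default", "never")
            gpg(client, "--quick-generate-key", CLIENT_UID, "default", "default", "never")
            # 2. The consultant exports the PUBLIC key only and hands it to the client,
            #    who imports it (the "1 click" step in a mail client plugin).
            pub = gpg(consultant, "--armor", "--export", CONSULTANT_EMAIL).stdout
            assert b"BEGIN PGP PUBLIC KEY BLOCK" in pub
            assert b"BEGIN PGP PRIVATE KEY BLOCK" not in pub
            gpg(client, "--import", stdin=pub)
            # 3. The client encrypts the report to the consultant's key; the .gpg file
            #    is what gets attached. --trust-model always skips the web-of-trust
            #    prompt here; in real use verify the key fingerprint out of band.
            plain = Path(tmp, "report.txt")
            plain.write_text(SAMPLE_REPORT)
            enc = Path(tmp, "report.txt.gpg")
            gpg(client, "--trust-model", "always", "--recipient", CONSULTANT_EMAIL,
                "--output", str(enc), "--encrypt", str(plain))
            # 4. The sender cannot read it back: the client keyring holds no private key for it.
            failed = gpg(client, "--decrypt", str(enc), check=False)
            assert failed.returncode != 0
            # 5. The consultant decrypts with the private key.
            return gpg(consultant, "--decrypt", str(enc)).stdout.decode()
        finally:
            # Stop the per-homedir gpg-agent before the temp directory is removed.
            for d in (client, consultant):
                subprocess.run(["gpgconf", "--homedir", str(d), "--kill", "all"],
                               capture_output=True)


if __name__ == "__main__":
    print(gpg_file_exchange() or "GnuPG 2.1+ not found; nothing to show")
```

The five numbered steps are exactly the manual workflow: generate, export/import, encrypt to the recipient, attach, decrypt. Step 4 is the point of the whole scheme: once the file is encrypted to someone else’s public key, even the sender’s own machine cannot open it, so a leaked mailbox exposes only the ciphertext.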

But what happens when you need to send several e-mails a day and, what’s more, the contents of the e-mails themselves are sensitive: dial-in information for a conference call, pricing information in the form of ballpark estimates, or more? Launching a command-line tool to encrypt the e-mail contents, storing those in a file, attaching the file or pasting the encrypted contents into an e-mail, and then sending the e-mail… sure turns into a headache.

But thanks to lots of very clever programmers, project managers, QA… thanks to lots of people, there is a series of programs that you can use to adapt PGP to your e-mail client.

The process then turns into:

- You request public keys and import them into your key database (most of the time just one click away)

- You write an e-mail as usual (making sure that the Encrypt e-mail feature is enabled)

- You hit the send button.

- Any other variation that may require one additional step.

- You’re done.

So back to discussing the alternatives around PGP/GPG - how do you integrate it with your e-mail client?

  1. Enigmail (http://enigmail.mozdev.org/) - Works with Thunderbird, SeaMonkey, Mozilla and Netscape. This is the one I currently use and it kicks ass.
  2. PGP Desktop (http://www.pgp.com/) - Works at least with Outlook. This is the one your valuable clients may already be using. It isn’t free - so good luck trying to convince someone to buy a license.
  3. What could the third one be? I encourage anyone to submit more options!

Tired of writing - hope you found this useful.

Thanks for reading.


Introducing TrueCrypt, BestCrypt & PGP Disk

If you work with sensitive information, you need a safe place to store it. Even if the information is only temporarily stored on your computer and needs to be removed at some point, you need a safe way of deleting/wiping it off your drive.

These are the three most popular options at the moment:

  • TrueCrypt
  • BestCrypt
  • PGP Disk

My recommendation goes to TrueCrypt, which is the only open-source option of the three and provides a wide set of tested algorithm implementations. I did try BestCrypt before, but it isn’t free, and twice I experienced a very uncomfortable situation where the encrypted containers got corrupted and the encryption keys were no good.

The encryption algorithms provided by TrueCrypt are:

  • AES
  • Serpent
  • Twofish

In addition, you may ‘cascade’ two or more algorithms.

TrueCrypt and BestCrypt are multiplatform - BestCrypt provides a Linux binary which I successfully tested in the past; it is packaged as several utility binaries which I believe were suid, and for which some security vulnerabilities were published in the past.

I currently have my e-mail profile stored in one encrypted container and any sensitive information stored in a different container - that way I don’t have the container with all the sensitive information mounted at all times.

I would avoid using the auto-mounting features - it makes little sense to have everything stored in a secured container and then have it accessible at all times.

Try them out and let me know!

  • © 2009 penetrationtests.com