How Would You Prefer To Send Sensitive Data?

sprkltgr writes "Our HR department is implementing new software. The HR Director has tasked me with sending our data out of our network to the consultant that's loading it in to the new package. Obviously this data includes items such as SSN, name, birth date, etc. Upon being told that I would not email this data to her, the consultant asked what my security requirements were for sending the data. What would be on your wishlist for the best way to send sensitive data to someone outside your firewall?"

Re:PGP

[Simon+Brooke]

They may very well have the resources to break a message or two. But is this message important enough to spend a decade of processing power on? No reason to be paranoid, usually people aren't important enough for their messages to be interesting. And SSNs? Like NSA couldn't get them from anyplace else.

You aren't thinking.

Multiply the number of employees in the company by US$50, and that's what this data stream is worth to an identity fraudster. If the identity fraudster also controls a botnet, a decade of processing power not only costs nothing but also can be supplied in a week of wall-clock time.

No, usually encrypted messages aren't worth cracking, because individually they're mostly not worth a lot of money. But this datastream is worth a very large amount of money. If the attacker knows what it is, it's definitely worth cracking.