A consultant yesterday asked me to tell her about the data loss prevention system my company is reselling which is called Actifile. She told me she is working with a law firm that wants to protect their PHI and PII data and asked me how the system worked.
Because the goal is to encrypt every file that contains PHI or PII data or the firm’s clients’ sensitive information, you put the Actifile agent on each person’s computer. That way, if the person creates a file with PHI or PII or the client’s sensitive data or downloads a file from Dropbox or any other system or someone emails them a file, Actifile will know about it and their AI-based program automatically encrypt the file. Which files should be encrypted? Actifile comes with pre-built policies for PHI, PII and HIPAA regulations as well as a list of others, and allows you to add your own policies to protect whatever you want to protect. The company’s intellectual property? Absolutely. It’s the files that have data that aligns with one of your policies that’s encrypted.
Actifile will track all the parameters of that file and track its use: at rest, in use or in transit and, using rates from the FAIR Institute, calculate the dollar value of all of the data. Want to get leadership and the Board’s interest in cybersecurity? Tell them that the firm’s data are worth $281,000,000 or some other big number. Also, once you know that amount, if it changes dramatically one day, you can look at the data and find out why. The Actifile dashboard tracks that as well.
She asked me how much it costs. I told her $31.25 per device if billed monthly and $25.00 per device (20% less) if billed annually. If the law firm has 100 people, the monthly cost is $3,125. Insignificant, right? Want us to administer it for you? That costs $3 per device per month more.
As someone who has managed a customer education department and written more user guides than I thought I ever would, one of the first things I saw was that there is no End-User User Guide. The end-user doesn’t know the file being used is encrypted. One thing this means is fewer calls to the help desk. The Actifile agent was put on my computer and when I looked at the Administrator application a couple of days later, I saw that all these files had been encrypted and the value had been calculated. I had done nothing.
When you think about it, if the goal is encrypt every file that contains PHI or PII or other sensitive data, how else would you do it? There has to be an agent on each person’s computer. Concerned about agents? Actifile is already on thousands of people’s computers and there hasn’t been an issue yet. It’s not a problem.
It’s very cool.
