Actifile Support

FAQ and “How To…” Guides

Our how-to section includes how-to videos, how-to articles, and links to support content. 

 

 

MSP

[insert page=’actifile-installation-considerations-and-important-links’ display=’all’]

How to register a new partner portal account and deploy your first risk assessment (video)

In this video you’ll learn how to:
– Create your own MSP portal on Actifile.
– Create customer tenants.
– Deploy your first data risk assessment customer.

How to white label the Actifile portal and reports (video and article)

Open the partner portal. Select the General Settings tool.

Note: If general settings show a different menu than shown below, you have probably drilled down into a customer portal. Return to the partner portal by clicking on the Partner Portal tab.

Click Upload. Upload a 150x17px image. A transparent background PNG looks best against the Actifile background which is grey (Hex #E1E1E1).

Click Ok in the confirmation popup. At this point you should see the new logo. If you want to go back to the Actifile logo, click Reset to default.

 

Understanding the initial risk assessment results and ongoing monitoring (video)

In this video you’ll learn how to:
– Interpret and present the results of a data risk assessment / audit.
– Create customer tenants.
– Deploy your first data risk assessment customer.


Encryption

How to use encryption to reduce a customer’s data privacy risk (video)

In this video you’ll learn how to:
– Use encryption to reduce customer data liability.

Is Actifile’s encryption a general purpose encryption solution? (article)

No. All encryption solutions work on the same principle of converting plaintext into ciphertext. Actifile is no different and uses AES256 as its encryption library. What differentiates encryption solutions is how they are activated – resulting in the encryption and/or decryption of data.

General purpose encryption solutions are usually manually operated, or operate on a specific folder (or vault). General purpose encryption solutions are flexible – but hard to configure in a way that reduces liability.

Actifile works differently. Actifile’s encryption policies are always triggered by a policy – and are completely automated. Actifile’s encryption is designed to automatically reduce excessive liability – and do it in a way that is least intrusive.

What does “liability reducing” encryption do? (article)

Actifile’s encryption is always tied to policies that detect data (either by content, by source, by type, or by folder), policies which provide an assessment of the liability the data poses to the organization should a data privacy event happen. If excessive liability is found, the operator may opt to activate the encryption to protect some or all of the data,

Encryption and decryption are performed automatically. Data is encrypted according to the detected policy. By default, data is decrypted whenever the data is accessed using a local process (e.g. Word, Excel, Acrobat etc.).

One of the challenges is  that most business systems and workflows require decrypted files for them to be able to process data. Therefore, decryption can also be set to occur when data is uploaded to an authorized application and/or a portal. However, for many organizations, a simpler solution is available: encryption delay. As an example, most healthcare and financial services businesses process information in a timely fashion (a patient is cared for, data is processed, and the clinic generates the billing forms), after which data is no longer processed – just kept for later reference and/or archival purposes. Setting a delay (typically 30-90 days) allows these processes to conveniently complete before data is encrypted.


Compliance

How does Actifile calculate the “value” of data and what does this value mean? (article)

For discovered content: Actifile multiplies the number of discovered records by the assessed “cost” per record and displays this per content type (e.g. SSN).

For discovered activity: Actifile multiplies the number of activities (uploads and downloads) with the assessed incident cost – per each source/destination (e.g. source portal).

The displayed “liability” is an assessment of the cost of addressing a data privacy incident and is based on best available figures. This cost usually comprises of fines and penalties, forensics services, legal representation, PR and notifications costs, increased insurance premiums and subsequent scrutiny. It is an assessment: depending on actual circumstances the cost of addressing an incident may be different – and sometimes even significantly so. Having legal protections (such as business associate contracts, good employee contracts, good HR practices), showing due care, and demonstrating IT compliance can all change the assessed fines, penalties and other associated costs.

How does Actifile help with HIPAA and HIPAA Business Associate Agreements (BAAs) (article)

Out of the box Actifile does have HIPAA ePHI detection, and Actifile uses AES-256 encryption to help protect ePHI and as safe harbor to reduce the risk associated with ePHI.

In regards to Business Associate Agreements (BAA) (or Business Associate Contracts) – what we do is identify destinations: where (both portals and apps) and how much ePHI is going. At that point, it is the responsibility to the covered entity (or its service provider) to formulate and execute the BAA.