March 29, 2017

    3 Reasons Why “Secure” File Sharing Just Isn't Enough Security

    Whatever industry your business operates in, you’re likely to be working with digital files containing sensitive data -- client, financial or proprietary information that you can’t afford to have stolen or compromised by a malicious attack. And it’s your duty to ensure that your organization’s critical data is protected. Many IT directors, business owners and operations managers who are tasked with this responsibility assume that as long as they implement a so-called “secure” file sharing solution, they are completely covered on the cyber security front. If you fall into this category, you are making a huge mistake, and here’s why.

    To understand why a self-proclaimed “secure” file sharing service isn’t enough to truly protect your assets, it’s necessary to think about what the term “secure” actually means. Does it mean that files are password-protected? Does it mean that your solution has encryption capabilities? Certainly, these features are important. But you need to be thinking about “secure” in a more comprehensive sense of the word and extend further to issues like fostering employee knowledge or understanding how the various devices used to access business files create vulnerabilities.  

    Take the time to learn the following three reasons why the “secure” file sharing solution you’re using may not be fully safeguarding your data and defending against the types of breaches and attacks that could seriously damage your organization. 

    REASON #1: Untrained Employees

    Regardless of how secure you think your file sharing software is, your untrained employees pose a threat to the security of your company’s data. If the people using your software to upload, download, share and store files don’t have thorough, ongoing education on the dangers facing your organization, they become your biggest risk.

    At far too many companies, highly insecure methods are still being used to transfer confidential files. Employees are circumventing IT protocols and turning to unsanctioned methods, like instant messaging, collaboration and social media tools. And despite the obvious and significant harm that doing so can cause, there are so many employees who still attach private company documents and data to personal email.

    When employees are not properly educated on the risks associated with their insecure data-handling behavior, they become targets for costly breaches. Think about what your business stands to lose if an employee sends a large file full of highly sensitive, confidential information to a business partner, client or employee, and that file is stolen mid-transfer? This is what happens when a company fails to implement a comprehensive data security training program. The costs of information theft can significantly impact your bottom line, your productivity and your reputation.

    The first step in overcoming these challenges is education. Make sure employees know how to take advantage of all the features and benefits offered by your secure file sharing solution. If they can achieve their desired efficiencies and ease of use, there’s no reason for them to circumvent the software or resort to insecure means of data management. Develop a training program that helps them fully understand the myriad of vulnerabilities facing your business, and where possible threats can originate. Make them realize that whether they intend to or not, they could be raising the organization’s security risk level by employing bad file sharing practices.

    REASON #2: Ex-Employees

    Whether a former employee is let go or decides to move on to another opportunity, they can threaten the security of your data if they still have access to it. Contract information, contact lists, document templates, financial data -- all of this is out there for the taking if your business isn’t adopting a more elevated approach to security.

    An estimated one third of all ex-employees have access to these types of critical files on a regular basis. When it comes to planning for data security and implementing solutions, lots of companies make the mistake of assuming they only need to pay attention to external threats: competitors, hackers and other malicious attackers. These businesses don’t realize that an ex-employee is just as (if not more) likely to be the culprit behind a data breach.

    Mitigating the threat of ex-employees involves putting a firm policy in place regarding how, where and why file sharing services can be used. It is vital to opt for truly secure solutions, like FTP, to lock down permissions and ensure that no employee has access to even a single kilobyte of data they don't need in order to do their jobs. You must also put a firm policy in place regarding what happens when an employee is terminated or leaves the company. Passwords will need to be changed, and accounts deactivated in order to ensure that your data is protected from any efforts to regain entry.

    REASON #3: BYOD

    When employees are not turning to personal email accounts or free file-sharing services, they may be utilizing personal devices, like smartphones, tablets or even USB drives, for file transfer purposes. So what happens when a worker loses the USB device or other external device containing business or personal information? This poses a tremendous risk for the organization.

    As more and more companies have decided to allow employees to “bring your own device” to work, the BYOD trend has had a ripple effect. There’s no denying that this option can be a great way to increase productivity and mobility within your enterprise. But for BYOD to function, each device must have access to your organization’s file server. This means that if an employee should ever lose their device or have it stolen, every last bit of data stored on your server can be exposed to whomever retrieves the device. And without the proper protocol in place, you run the risk of an ex-employee retaining server access from their device even after they leave your organization. After all, you can’t confiscate a personal mobile phone or device when someone quits or gets fired. The bottom line: BYOD can only succeed if you implement file sharing solutions that enable your administrators to regulate who has access to which files and when, as well as to quickly cut off permissions should a device become compromised in any way or an employee leave your organization. Shying away from BYOD is not the answer, as it often brings far more benefits than it does challenges. But the challenges are still significant, particularly when it comes to security. By putting clear-cut policies in place regarding how, why and when information can be accessed using a personal device, you'll find that you get all of the reward of BYOD with as little of the risk as possible.

     

    Tag(s):

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts