Exchanging ideas and sharing information are integral parts of working life. Ever since computers and digital technology became central to the way we work, people have exploited various means of passing documents and files containing text, images, and audio-visual data on to colleagues, suppliers and partners.
As technologies have evolved, the methods have improved. Hard copy and floppy disks gave way to CD-ROM and DVD; USB is gradually giving way to Bluetooth, infra-red, and wireless transmission over the Internet.
All well and good. But insecure methods of data transmission and lax practices in the way that media and information are handled may pose as big a threat to corporate security as actual cyber-assault.
In this article, we’ll be looking at some of the issues surrounding current file sharing practices, and how the processes may be made more secure.
Various Methods are Employed…
Besides printouts, playback recordings, and removable media like flash drives (which all have their use, in specific circumstances), file sharing typically occurs between digital devices in one of two major ways.
In peer-to-peer transmission, data is transferred between systems via a network – which could be a corporate intranet or the larger Internet.
File synchronisation and transmission occur through application software, on websites, through wireless and Bluetooth connectivity, or via email or file-sharing platforms hosted in the Cloud.
There Are Benefits…
With flexible hours, changing work patterns, and many organisations having remote or mobile staff, it’s important for workers to have access to the information they need to do their jobs, wherever they are, and whenever they need it. They also need to be able to communicate with clients, partners, and suppliers. File-sharing enables this, and with mobile connectivity and live platforms, exchanges of data may be made in real time.
Being able to exchange information in a timely and efficient manner is not only convenient for the users in that moment: it also frees up time that they may spend productively on other activities.
There are cost savings, too. Not being required to provide physical storage facilities for all their data on site allows organisations to save on floor space (and associated rental charges), as well as on hardware and data storage media. These economies typically have a knock-on effect that results in reduced overheads and operating costs for the enterprise as a whole.
And Risks…
The reliability of the data being transmitted is only as good as the file storage and sharing infrastructure through which it passes, and the security measures put in place to protect it. Unless these are all solid, there’s the risk that the integrity of the data you exchange may be compromised. If the files you’re sharing have been tampered with, are inaccurate, or are simply degraded or corrupted to the extent that they’re unreadable, any decisions based on this information are also open to suspicion.
Organisations that opt for file-sharing may also put themselves under the scrutiny of those who wish to exploit their data for their own ends – either by stealing it, spying on it, or through outright assault via malware or phishing. Intellectual property may also become a target, with infiltration of file-sharing platforms and corporate espionage leading to copyright violations, plagiarism, or piracy.
Confidentiality is another issue, with the risk that files shared in an unsecured platform may become public – e.g. by hacker infiltration, or leaked through human error. Sensitive or private information may be revealed, leading to embarrassment, reputational damage, and possible legal consequences. And there’s the real possibility of lost revenue – perhaps crippling – if valuable data falls into the wrong hands.
So Take Measures to Increase File Sharing Security:
This is by no means an exhaustive list, but the following recommendations should assure you of greater file security.
1. Choose Your File-Sharing Platform With Care
Popular Web-based file storage services and collaboration platforms like Dropbox or OneDrive are market leaders for a reason: everyone uses them. Sadly, this also includes hackers and spies – so be careful what your organisation puts out on these high-profile and high-visibility sites.
Some enterprises impose a blanket ban on their employees using free cloud-based storage for business purposes. You might consider a hybrid approach, with low-sensitivity documents cleared for sharing and collaboration on public cloud platforms, while classified or business-critical data is handled on in-house servers and storage facilities.
2. Use Strong Access Controls
User accounts on file-sharing platforms should at a minimum be protected by strong passwords (10 or more characters; a mix of lower and upper-case letters, numbers, and punctuation symbols). And these passwords should be changed at frequent intervals; a month or less is standard.
To boost account security, consider using multi-part authentication, in which usernames and passwords are augmented by additional information that must be entered to gain access, such as a text message code received on a user’s registered mobile phone number.
3. Use Encryption
Ideally, data involved in file-sharing operations should be encrypted in transit, and while it’s being stored. Not all services do this, so you’ll need to shop around for one that does.
Different nations impose different rules for encryption grade strength, and the degree of access that government or law-enforcement agencies may legally have to data hosted by third parties. So if you’re working across borders, you should also check on the rights that you’ll have under each jurisdiction that your information passes through.
4. Manage Your Range of Devices
Rather than Bring Your Own Device (BYOD), some enterprises provide their workers with an approved range of mobile devices supplied by the company, from which they can select a machine to use for business purposes – a case of Choose Your Own Device or CYOD.
Whichever route you take, your BYOD policy should include firm provisions setting out the range of approved file-sharing practices and platforms, whitelisted applications, and protocols for handling data in the wild. These may include Mobile Device Management (MDM) technologies, and administrative rights to remotely wipe data from machines which are believed to have been compromised, lost, or stolen.
5. Educate Your People
Data transmitted through unsecured emails, sharing of passwords, conducting business transactions on public Wi-Fi, and using unsecured websites or mobile applications are just some of the security lapses to which workers may be prone, if they don’t know about file-handling security matters.
So you should train your people on file-sharing and data security. Formal training may be tutor-led, or via eLearning modules, with refreshers, tips, and reminders issued by email.
Many security analysts agree that scaring people into security awareness using horror stories from the media doesn’t work. Rather, privacy and security issues should be illustrated through examples directly related to the members of your organisation, and the way they operate on a daily basis.
And keep up to date with security matters yourself, by doing online research, keeping an eye on the latest developments, or subscribing to threat intelligence forums.