Sending large files over the internet comes with a giant security risk. Files can be hijacked in transit and if you don’t use a secure file transfer system, your files can be accessed by an unknown number of people.
For many people, sending large files online is unavoidable. If you can’t get around online transfers, here’s how you can secure your required data transfers.
1. Encrypt all data end-to-end
End-to-end encryption is underrated. It doesn’t matter how secure your company network is; if you’re sending large files over the internet, those files need to be encrypted in transit and at rest.
For the ultimate protection, you need a file sharing platform that offers data encryption. For example, you can send large files securely with Box using data encryption, password protection, and expiration dates for file links.
Encrypted files are like an extra security policy against an unsecure file transfer platform. If there’s ever a data breach, if your files are encrypted and your decryption key is secure, you don’t have to worry.
Encryption is your best defense against data breaches
Unsecure file transfer platforms are breached often, leading to stolen and compromised data. For example, the Accellion FTA file transfer platform, used by law firms and other large corporations, was breached sometime in 2020. The company disclosed the attack on February 1, 2021.
This breach affected the Jones Day law firm, and confidential information was published on the dark web. Unfortunately, the law firm didn’t encrypt the files stored on their cloud file sharing server.
When you don’t have control of your file sharing server, encrypting your files is the only way to absolutely ensure nobody gains unauthorized access to your data. When files are encrypted, hackers can steal your data, but they won’t be able to read the information.
2. Know your data regulations
Are you bound by HIPAA, CJIS, or CCPA? No matter what data regulations you’re required to follow, you need to know if there are any specific requirements for data transfers. Most data protection laws don’t dictate how you need to transfer files, but will require you to use a secure file transfer method.
If you fall victim to a data breach from using an unsecure method to transfer files, you will be held liable for damages.
When transferring files protected by federal or state regulations, don’t skimp on security. It’s tempting to use a quick, free, web-based file transfer service, but that’s not secure enough. Your immediate transfer might be secure, but your files could sit on the server for a long time, and you can’t guarantee the company will never experience a data breach.
3. Know your part in the shared responsibility model
Cybersecurity is a shared responsibility. No file sharing platform is inherently secure from top to bottom because users are responsible for setting their own file sharing permissions. For example, a file sharing platform can be secure on the company’s end, but if the customer fails to restrict access to files and folders, it’s not secure.
It’s critical to know your role in securing your file transfers. This can include a variety of factors like:
Knowing your file sharing platform inside and out so you know which settings to enable, disable, and how to restrict access to files and folders globally.
Making sure all employees and contractors understand their responsibilities.
Creating and enforcing a strict IT security policy. For instance, you might require employees to be connected to a VPN before sharing files or links to files.
Storing files as encrypted, password-protected PDF or .zip files.
Having a policy that limits the number of people authorized to transfer files to other parties.
4. Don’t send files unless absolutely necessary
Send large files on a need-to-know basis. The more people you share your files with, the greater your security risk. The simple solution is to only share files with people who need the information. You’d be surprised at how many people don’t actually need the files they request.
For example, you might be in the habit of copying your web designer on every email you send to your programmer. To a degree, they need to be in the loop. However, if you’re sending a sensitive customer database to your programmer for a specific project, you don’t need to send that file to your web developer.
Security comes first
Cybersecurity isn’t always convenient, but it should be a priority. If your data falls into the wrong hands, all it takes is one lawsuit to put you out of business. Protect yourself by securing your file transfer strategies.
By Steve Landry