- There are many cloud-based file-sharing sites, which provide a convenient way to share, edit, and access documents and information.
- Data security is essential to any business, so when choosing a file-sharing site, it is important to keep security in mind.
- Choose a file-sharing site that offers business-grade security and is easy to access remotely.
For most businesses, cloud-based file-sharing services provide easy, convenient access to information at any time, from anywhere. In fact, businesses that are slow to adopt formal, cloud-based file-sharing software may find their employees use their own personal cloud storage services to add a layer of convenience to their work. However, employees that use personal accounts and free services designed for consumer use could be putting your business at high risk for a security breach.
“With work and personal lives becoming increasingly blurred, especially for small business owners and managers, the delineation of work data and personal information has [blurred] too,” said Dan Sloshberg, product marketing director at cloud services provider Mimecast.
This makes secure file-sharing critical for small businesses. With the consumerization of IT and the bring-your-own-device movement, employees now use traditionally consumer-oriented technology for business purposes, Sloshberg said.
“It’s easy to forget that the information we handle in our work lives often requires greater care,” he said. “Its value and privacy can be vital to business success, and it should be adequately protected at all times. [And] data can be at its most vulnerable when being shared.”
Although email is the most common way businesses communicate, collaborate, and share information, limitations within commonly used email systems, such as file-size and storage constraints, often create restrictions, Sloshberg said.
“[These] restrictions force users to find workaround solutions,” he added. “They most commonly turn to consumer-grade file-sharing services to overcome this productivity barrier of email.”
These services, however, are meant for personal accounts and are severely inadequate when it comes to protecting a business’s data.
“The consequences of consumer-grade file-sharing services in the workplace can be far-reaching,” Sloshberg said. Problems include “loss of IP, sensitive data leakage, loss of visibility and [lack of] control over where data resides as well as compliance, regulatory, and e-discovery breaches,” Sloshberg said.
Risks involved with file sharing
- Release of sensitive data. One of the most serious risks of file-sharing software is that sensitive data can be exposed, either intentionally or unintentionally, if employees aren’t careful and proper policies are not in place. Once an unauthorized party gains access to your file-sharing service, it’s difficult to discern what they accessed and just how far your private information has spread.
- Susceptibility to attacks. If your file-sharing software requires you to bypass firewalls to upload or download files, you may be opening yourself up to attackers who can perform distributed denial-of-service, man in the middle and various other cyberattacks against your system.
- Installation of malicious software. Finally, if an employee opens a risky file that was placed on your file-sharing service, they may inadvertently download and introduce malware, such as viruses, spyware, worms or Trojan horses, on their computer and possibly compromise the entire network.
Tips for secure file sharing
To avoid the issues associated with consumer software, Sloshberg advised business owners to find the right file-sharing solution that is designed specifically for businesses.
Sloshberg also shared six tips to help companies keep critical information protected by putting a secure, controlled file-sharing service in place:
1. Take action, and don’t ignore the problem.
A lot of file sharing happens at work. Instead of ignoring data protection, make it a priority by finding a service that allows users to work within email to send and receive files – regardless of size – instead of using workaround solutions.
2. Choose a business-grade system.
Consumer-grade services can leave you susceptible to data leaks and other security threats. They also make e-discovery or statements of compliance difficult. Find a business-grade service that gives you appropriate visibility and security controls, including access control, expiring file access, and compliance and e-discovery.
3. The cloud makes it easy.
You want a solution that you can install and implement quickly at your office. Business-focused cloud services offer an ideal setup speed and ongoing agility.
4. Consider an integrated system vs. a separate-point solution.
You may be tempted to find a stand-alone system that simply delivers file sharing. Consider, though, a more integrated system that includes other key capabilities, such as email security.
5. Train and educate users.
Employees need to understand the sensitivities of different types of information and the risks associated with mishandling sensitive data. They should have a clear understanding of what they cannot share outside the business and secure ways of sharing appropriate information with external parties. If you’ve invested in a secure service, you need to make sure employees use it.
6. Ease of use is crucial.
With easy access to intuitive consumer-grade services, your chosen business solution must be just as easy to use as the consumer options, and as frictionless as possible. This is key to ensuring its ongoing use so that it can successfully protect your business’s information.
What is the most secure file-sharing site?
Citrix ShareFile has excellent security features. The site offers 256-bit AES encryption. If you are hacked, the files will be useless to the hacker. ShareFile also includes a firewall and antivirus protection. If a computer is stolen or owned by a fired employee, you can wipe restricted files remotely from any computer logged in to your account.
Besides the encryption and firewall safety measures, Citrix ShareFile offers brand customization, meaning that instead of your employees and partners seeing a Citrix site, they see your company logo and branding consistently throughout the sharing site. Also, Citrix ShareFile offers folder permission controls, user usage controls, identity-verification tools and file-expiration options – everything you want in a business-grade, file-sharing solution.
Egnyte is a hybrid cloud and local storage solution that also has excellent security features. Like ShareFile, Egnyte transfers files using 256-bit AES encryption over SSL so any data that is compromised is useless to attackers.
Egnyte also offers a custom branding feature so your logo, branding and messaging are reflected. Because it is a hybrid storage solution, the platform can detect changes to files and sync them to keep both copies up to date. Additionally, if one system fails, you still have access to important files via the other source.
Like Citrix ShareFile and Egnyte, SugarSync is a secure file-sharing platform that secures files by using 256-bit AES encryption. You set permissions to allow individuals to access, view or edit specific files. The platform also allows you to remotely wipe devices of sensitive data in the event that a device is lost or stolen.
Like other secure file-sharing platforms, you can share files without providing access to your account. For business accounts, teams can access shared folders from their own individual accounts, and individuals outside the company, such as clients, can use a public link to view specific files.
Is Dropbox file sharing secure?
Yes. While it does not offer all of the state-of-the-art security features that Citrix ShareFiles provides, Dropbox does have standard security features: Files are password-protected, and encryption keeps your files safe.
However, Dropbox does not provide identity verification. If your password and link to files fell into the wrong hands, your information is could be compromised.
Although Dropbox is secure, never use it to store Social Security numbers, health information or other personal information that could put you at risk for identity theft or potential stalking.
Some source interviews were conducted for a previous version of this article.