When businesses think about cyber security, their thoughts usually jump to phishing scams, malware or other deliberate theft or sabotage. Yet every day businesses are breaching their own security policies and risking compliance. The cause is employees sharing personal data via email or consumer-grade file sharing apps. These aren’t the right tools for the job, so it’s essential to equip staff with secure file sharing technology and knowledge to protect your organisation’s data.
Email is one of the biggest problems. Businesses rely on it so much to communicate back and forth that employees often send things without thinking. Attaching a customer file or patient record is an easy mistake to make. But in a typical email setup, the servers don’t encrypt the email attachment, so it is not secure. That may constitute a breach of the General Data Protection Regulation (GDPR), bringing the risk of a fine and damage to your reputation.
Email doesn’t provide any guarantee of delivery or visibility of the transfer either, which is another must for compliance.
File sharing apps
If a member of staff needs to send a large file and it’s too big to attach to an email, they often jump onto a file sharing application like WeTransfer or Dropbox. But consumer-grade applications lack in-built security. Again, there’s no audit trail of the transfer, and you end up with multiple versions of files sitting in various locations, which no one else can access to wipe if that member of staff leaves. Not all of these solutions will confirm where a file is held either, so you may have data stored outside of the EU.
Secure file sharing
Anything including sensitive, personal or valuable data – like company IP – needs to be handled very carefully. Our advice is to add a secure file sharing solution to your IT infrastructure, to encrypt and securely transfer files. These are sometimes called secure email, ad hoc, or Electronic File Sync and Share (EFSS) solutions.
Most will provide a plug-in to your email client, which makes it easy to use and accessible. Some can be configured to automatically secure emails under certain conditions based on your IT security policy, so employees don’t even need to know it’s there. There are no file size limits either, and IT maintain a full audit trail. These solutions often support file collaboration between your employees and external partners too, which is an added bonus.
Full features of a secure file sharing solution include:
- Access control / permissions
- Secure data wiping
- Secure protocols (HTTPS and sometimes SFTP & FTPS)
- User authentication
- Auditing and reporting
- Encryption of files (PGP or AES)
- Administrator overview
- Data residency within the EU