Secure file sharing: Don’t risk a breach from sharing personal data

eu-data-protection

When businesses think about cyber security, their thoughts usually jump to phishing scams, malware or other deliberate theft or sabotage. Yet every day businesses are breaching their own security policies and risking compliance. The cause is employees sharing personal data via email or consumer-grade file sharing apps. These aren’t the right tools for the job, so it’s essential to equip staff with secure file sharing technology and knowledge to protect your organisation’s data.

 

Email

Email is one of the biggest problems. Businesses rely on it so much to communicate back and forth, that employees often send things without thinking. Attaching a customer file or patient record is an easy mistake to make. But, in a typical email setup, the servers don’t encrypt the email attachment, so it is not secure. That may constitute a breach of the General Data Protection Regulation (GDPR), the risk of a fine and damage to your reputation.

Email doesn’t provide any guarantee of delivery either, or visibility of the transfer, which is another must for compliance.

 

File sharing apps

If a member of staff needs to send a large file and it’s too big to attach to an email, they often jump onto a file sharing application like WeTransfer or Dropbox. But consumer-grade applications lack in-built security. Again, there’s no audit trail of the transfer and you end up with multiple versions of files sitting in various locations, which no one else can access to wipe if that member of staff leaves. Not all of these solutions will confirm where a file is held either so you may have data stored outside of the EU.

 

Secure file sharing

Anything including sensitive, personal or valuable data – like company IP – needs to be handled very carefully. Our advice is to add a secure file sharing solution to your IT infrastructure, to encrypt and securely transfer files. These are sometimes called secure email, ad hoc, or Electronic File Sync and Share (EFSS) solutions.

Most will provide a plug-in to your email client, which makes it easy to use and accessible. Some can be configured to automatically secure emails under certain conditions based on your IT security policy, so employees don’t even need to know it’s there. There are no file size limits either, and IT maintain a full audit trail. These solutions often support file collaboration between your employees and external partners too, which is an added bonus.

Full features of a secure file sharing solution include:

  • Access control / permissions
  • Secure data wiping
  • Secure protocols (HTTPS and sometimes SFTP & FTPS)
  • User authentication
  • Auditing and reporting
  • Encryption of files (PGP or AES)
  • Administrator overview
  • Data residency within the EU

Recommendations

If you think you need a secure file sharing solution, our free bespoke software comparison service will save you weeks of research time and identify the right solution for you. It is informed by over 15 years’ experience delivering secure file transfer solutions, a deep understanding of user needs and continuous review of the multiple vendors on the market.

You complete a series of questions about your current and future business requirements, and receive a bespoke report from our technical consultants recommending the best solution for your needs and budget. You can either complete the ad-hoc or Managed File Transfer (MFT) service, depending on what you need the solution to deliver.

 

Use this service if you are looking to address person-to-person file sharing only, as outlined in this blog.

 

Use this service if you also need to automate transfers and integrate between applications.

Need further expertise? Download our FREE resources