File sharing is a critical everyday practice throughout the company. The wide-scale adoption of instant messaging and collaboration tools, as well as cloud-based file-sharing sites, has made the process of sharing data easier, but also less secure, than ever before. The security issue is compounded by BYOD, remote workers, and employees who work from anywhere.
Organizations must prioritize secure file transfers, as company files often contain sensitive, confidential and classified information. Beyond standard security hygiene best practices for protecting remote access, using strong passwords and multi-factor authentication, and encrypting files, the market is full of enterprise-grade tools and products that help businesses share files both internally and with third parties, such as partners and customers.
Regardless of the tools, however, organizations should follow these best practices to ensure secure file transfers.
1. Train and retrain employees
It has never been more important for organizations to train their employees on secure file transfers, especially with the advent of the cloud. New easy-to-use apps allow employees to quickly share information with colleagues and third parties. While these apps are convenient and easy to use, employees should be careful when using them to share files.
Regular training can help employees understand the potential security risks associated with file transfers. These programs do not need to be boring or long. Interactive applications and gamification can make security awareness training competitive and fun.
2. Integrate file sharing controls with collaboration apps
Collaboration apps like Slack or Teams allow employees to share files with the click of a button. These applications are largely built with collaboration and efficiency in mind, and can quickly become a security nightmare if left unmanaged. A data breach or malware attack, for example, could cause financial and reputational damage to an organization.
Security teams can reduce the risks associated with collaboration applications by implementing controls that prevent users from engaging in risky behavior. For example, enterprise-grade Slack allows enterprise administrators to restrict file uploads.
3. Audit and act
Perform audits on cloud storage and endpoint devices, especially after a security event or alert. An unauthorized user trying to access a file or an employee accessing a file at an unusual time is an early indicator of a problem. Once security teams detect unusual behavior, they can take preventative action, such as revoking permissions or encrypting files.
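The audit check described above, sketched as an added example that is not taken from any product or from the original article: it scans file-access events for denied attempts and off-hours access. The log format, user names, paths and the business-hours window are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample events: "<ISO time> <user> <action> <path> <result>".
# This layout is an assumption for the example, not a real product's format.
SAMPLE_EVENTS = [
    "2024-03-04T10:15:00 alice read /finance/q1.xlsx allowed",
    "2024-03-04T02:41:00 bob read /finance/q1.xlsx allowed",
    "2024-03-04T11:02:00 mallory read /hr/salaries.csv denied",
    "2024-03-04T11:03:00 mallory read /hr/salaries.csv denied",
    "2024-03-04T14:30:00 carol write /eng/design notes.docx allowed",
]

WORK_START, WORK_END = 7, 19  # assumed business hours (local time, 24h clock)


def parse_event(line):
    """Split one event line; the path may contain spaces, the result never does."""
    ts, user, action, rest = line.split(" ", 3)
    path, result = rest.rsplit(" ", 1)
    return {"time": datetime.fromisoformat(ts), "user": user,
            "action": action, "path": path, "result": result}


def audit(lines, work_start=WORK_START, work_end=WORK_END):
    """Count findings per (user, path, reason) for the two indicators above."""
    findings = Counter()
    for line in lines:
        event = parse_event(line)
        if event["result"] == "denied":
            reason = "unauthorized access attempt"
        elif not work_start <= event["time"].hour < work_end:
            reason = "access at unusual time"
        else:
            continue  # allowed access during business hours: nothing to flag
        findings[(event["user"], event["path"], reason)] += 1
    return findings


def users_to_review(findings):
    """Users whose permissions the security team should review first."""
    return sorted({user for user, _path, _reason in findings})


if __name__ == "__main__":
    for (user, path, reason), count in audit(SAMPLE_EVENTS).items():
        print(f"{user}: {reason} on {path} (x{count})")
```

The output of `users_to_review` is the starting list for the follow-up actions mentioned above, such as revoking permissions.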
4. Limit who can access what
Set controls to limit who can access what files. Not all employees require the same levels of access to all files. Access can be limited by group, role, or individual. Restrict access based on the principle of least privilege: only allow users access to what is necessary for their work. The actions users can take on files may also be limited, such as who can read, write, edit, or delete data. Also, periodically review and update user access privileges.
5. Set expiration dates for files
Beyond access controls, some products allow organizations to add expiration dates to files. Google, for example, has an expiration feature for Google Drive, Docs, Slides, and Sheets. Security teams can then limit employee and third-party access to files based on the duration of a given project or engagement.
6. Limit physical file sharing
Limit or prohibit the use of physical storage devices, including USBs, external hard drives, and CDs. While the cloud has reduced reliance on these devices, they are still in use and remain a source of data leaks and attacks.
Security teams can prohibit employees using company-managed devices from transferring files to external storage devices. However, it is more difficult to enforce these policies with BYOD. In this case, employee training is key to help reduce risks.
In the event that sharing files via a physical storage device is the only option a user has, they must encrypt the drive and/or files before sharing.