Secure file sharing 101: the essential guide to secure document sharing online
News recently broke that IBM Aspera Faspex, a high-speed file-exchange application used to move large data sets, had a bug that malicious hackers were actively exploiting. A 2014 Emmy winner for enabling faster media production workflows, Aspera has been adopted by organizations active in genomics and biomedical research, entertainment, military signals intelligence and financial services. It’s hardly surprising that the US Cybersecurity and Infrastructure Security Agency labeled the vulnerability a significant risk.
But even where the technology element of secure online file sharing doesn’t fail us, the human factor still can.
According to Verizon’s 2022 Data Breach Investigations Report, a whopping 82% of the security breaches analyzed had some type of human involvement, including stolen credentials, phishing, misuse, and errors. “People continue to play a very large role in incidents and breaches alike,” reads Verizon’s verdict. No wonder that, research says, IT leaders see a growing need to refamiliarize employees, especially those who have been hired remotely or are now returning to the office, with security protocols.
So how can businesses make sure that the content employees share doesn’t end up in the wrong hands? In this article, we’ll look at what secure sharing is and what tools and tactics can be used to keep people productive and sensitive data protected.
What is secure document sharing: definition and key components
Safe file sharing refers to the ability to send files securely using secure protocols and encryption methods to prevent unwanted and unauthorized access to the information transferred. Encryption is either performed before a document is shared or when it’s being transmitted over the network, Techopedia explains.
Secure file sharing can be done within or outside a local network over a standard Internet connection or through a private network connection such as a virtual private network. File-sharing solutions enable secure file transfer by allowing users to restrict access files, meaning only granting authorized personnel permission to open, view and download them.
What counts as a secure way to transfer files?
Broadly speaking, any secure online file transfer method that preserves the confidentiality, integrity and availability of the data shared. This is commonly referred to as the CIA triad, which we took a closer look at in our guide on creating enterprise information policies.
According to TechTarget, all secure file transfer services take the same approach to secure online file sharing, that is, access control. This might be achieved with the help of something as simple as an auto-generated URL or a password, or via integration with the company identity and access management system for an added layer of security and transparency.
Secure file sharing solutions should take a two-way approach to sharing documents online to tick the boxes of the CIA triad. First, they need to make sure that the data that is being shared itself is secured. Encryption is an effective way of safeguarding file content from prying eyes. Second, they must secure the transfer process using reliable protocols and standards such as SFTP, FTPS, or AS2.
How to transfer files: the 4 most used methods
Removable storage media
One of the oldest ways of file sharing, transferring files using storage media is done through a physical device that can be readily plugged in and removed from a system. These might include USB sticks, external hard drives, optical discs and so on.
File Transfer Protocol (FTP)
File transfer protocols, FTPs for short, are network protocols used to move files between a local host (the end user’s computer) and a remote host (usually a server) over a TCP-based network (like the internet). Ideal for transmitting sizable files or large volumes of data.
Peer to Peer (P2P) networks
Sharing files through a peer-to-peer network requires users to have computer hardware and software to communicate without the need for a central server. Skype, Facebook Messenger, email and Slack are some of the most common examples of P2P file sharing.
Cloud-based file syncing and sharing services
Dropbox, Microsoft OneDrive, Google Drive and Tresorit all fall into the category of online file sharing services, which allow users to upload data to a central depository to be stored, shared and downloaded by other users, such as members of the same organization.
Encrypted file sharing: a must-have tool to secure documents online
When data is in transit, a lot of things can go wrong. It can get lost, overshared, disclosed to the wrong recipients, or exposed to eavesdropping or ransomware attacks. This can cause significant financial and reputational damage, operational disruptions and legal ramifications to enterprises not unlike those using IBM Aspera Faspex to regularly move vast amounts of information across networks, systems and users. Enter encrypted file sharing service.
Encryption, as we explained in a previous post, refers to turning information into a secret code that hides its true meaning.
To unlock it, both the sender and the recipient must use an encryption key, which is a random string of numbers generated with algorithms to scramble and unscramble data. Encryption systems that only use a single key to encrypt and decrypt data are called symmetric. Asymmetric encryption systems use two keys: a public one, which is shared among users, to encrypt a message and a private key, which is not shared, to decrypt it.
Often touted as the gold standard for securing communication, end-to-end encryption encodes messages before they’re sent and decodes them only after they arrive at a recipient’s device. This means that no one in the middle can read or modify them because they don’t have the private keys that would allow them to do so. When only the safest is safe enough, end-to-end encryption file sharing is hard to beat.
Secure file sharing with clients: the how-not-to
According to a 2022 survey, more than half of US employees (56%) use personal file sharing services, such as OneDrive, Google Drive, WhatsApp or Dropbox, to share work-related files to save time and hassle – whether or not they’re allowed to do so. One-third of them are fully aware that company policy prohibits business file sharing using private file sharing tools and are familiar with the cybersecurity risks involved.
Of course, it’s hard to blame them considering the fact that 43% of hybrid workers feel they aren’t or are only somewhat equipped with the right digital tools to work at home. More than one-quarter of respondents said they had to use 11 or more accounts, tools and apps daily. As a result, more than two in five workers spend at least one hour per day on average looking for files or information just to do their job.
In conclusion, whatever enterprise file sharing solution you choose, ease of use should be a top priority. The harder you make it for employees to access and share content, the higher the probability of them looking for workarounds to bypass security protocols – and putting your networks, data and resources at risk.
How to send files securely? 5 ways to do file sharing right
1. Use end-to-end encryption for maximum protection
As we’ve previously established, end-to-end encryption provides the highest level of data protection for users because it ensures that information gets encrypted before it leaves the sender’s device and remains encrypted until it reaches the intended recipient. Meaning that no third party has a chance to access the exchanged information.
End-to-end encryption is now widely used in the corporate world but in reality, many solutions only provide partial encryption or poor key management. Or in the worst case scenario, both.
Opt for a service that offers zero-knowledge encryption functionality, making it impossible even for the service provider to know anything about your encryption key or the data you’re sharing.
2. Choose a solution that plays well with your existing apps
This is to reiterate what we’ve said about usability above: secure file sharing solutions are only as secure as users make them. If they introduce friction into workflows and are a headache to use across devices and locations, you’ll risk employees resorting to tools that are familiar and convenient first and safe second, if at all.
3. Beef up password security with 2-step verification
MFA-enabled online services ask for a combination of two or more authenticators for identity verification, including something you know (e.g. a PIN number or a password), have (e.g. a confirmation text sent to your phone) or are (e.g. fingerprint or facial structure).
Multifactor authentication can dramatically reduce the risk of compromised passwords, data identity thefts and account takeovers because if one factor is cracked, another one steps up to thwart the attack. By up to 99.9%, to be exact, according to Microsoft.
4. Make sending documents securely via email a reality
In and of itself, email isn’t exactly the most secure channel to share files over. But with the right secure file sharing service it can be. Users of Tresorit’s add-in for Microsoft Outlook, for example, can encrypt emails in just one click, from subject lines to attachments, without key exchange, additional software integration, or new workflows on either side of the transmission.
5. Turn employees into your first line of defense
According to the OpenText study mentioned earlier, 44% of employees rely on personal file sharing solutions to do work-related tasks because they’re not aware that it’s against company policy. Organize regular training sessions for staff to make sure they’re up to date on security protocols and how to use them, including how to send encrypted files and how to share files securely.
Keep your files safe and users happy with Tresorit’s end-to-end encrypted collaboration platform
- Make the cloud a safer place with zero-knowledge E2E encryption
- Keep access secure and limited
- Stay in control of what happens to your data
- Set up and enforce enterprise security policies in one place
- Encrypt attachments automatically in Gmail and Outlook
Every file and relevant metadata on our users’ devices are encrypted with randomly generated encryption keys. Accessing files is only possible with a user’s unique decryption key that no one else, not even Tresorit, has knowledge of. Meaning that even if our servers were breached, no one would be able to read their contents.
Monitor and decide which devices are allowed to access which files and from where users are allowed to log in to their company account to safeguard business-critical documents. Manage files and tresors at a granular level to ensure they’re only accessible to those who need them and limit downloads or revoke access at any time.
Implement data protection measures, including controlling who has access to what data, logging file activities, and creating internal security policies for data management. No file content can be modified without you knowing about it, thanks to cryptographic authentication applied to all encrypted data in the form of HMAC or AEAD.
Make sure that everyone on your team is on the same page when it comes to using crucial data security tools and processes. Apply policy templates, including 2-step verification, IP filtering, timeout policies, and sharing policies, create different policies for each template and modify them at any moment through a single interface.
Empower your teams to work efficiently and send encrypted emails by integrating Tresorit with Google Workspace or Azure Active Directory and Office 365. The add-ins offer a fast and easy way for users to replace risky email attachments with encrypted share links and password-protected files using their existing email addresses.
