Not All File Sharing Platforms Are Created Equal
The planet is currently in the middle of a mass digital revolution. Indeed, more and more people are becoming internet-connected, more content is consumed digitally, and even former bastions of society, such as shopping malls and retail stores, are going the way of the dinosaur. As a byproduct of this increasingly digital world, personal information is more frequently stored and shared as digital files instead of in paper form. This, in turn, necessitates a way for individuals and organizations to securely share this personal information without potentially being spied on by third parties monitoring their network traffic.
Many people are familiar with at least a few of the plethora of file sharing services available today. They provide individuals and companies with a way to quickly distribute and share files, frequently only requiring a few minutes to set up. These solutions have issues, however, as they may not provide quite the level of protection that the security-conscious organization requires.
File Sharing Services: What to Watch For
Most file sharing services are reasonably simple and straightforward to set up. They frequently even offer a free trial, or a small amount of free storage space intended for personal use. While this creates an environment where it is very easily to quickly drop files into a shared folder, then distribute via a shared link to the folder, this simplicity is frequently a double-edged sword.
Much like the majority of cloud services, the cost-effective, scalable, and easy to use nature of these services comes at the expense of personalization. They usually take a “one size fits all” approach and aren’t able to be tailored for an organization’s unique file sharing needs.
Adequate Security Controls
File sharing services frequently lack the necessary security controls, including enforced two-factor authentication (2FA), that organizations need to ensure they don’t run afoul of security and compliance issues. The lack of 2FA in these services makes them a prime target for phishing attacks.
A threat report from FireEye, a prominent cybersecurity provider, found many attackers send emails intended to look like automated messages from a file sharing service, only to link the reader to a fake login page. Once credentials are captured, the attacker can now easily log in and steal all the data that user had stored in the file sharing service. With 2FA set up, even if the attacker captured the email and password, they still would not have access to the account without also obtaining access to the recipient’s phone or other device.
Advanced Retention Policies
Automatically deleting or archiving old files and potentially sensitive data is generally regarded as a best practice regardless of what industry an organization operates in. Unfortunately, many sharing services require old files to be manually deleted. This can lead to risky situations where old files are forgotten about or were owned by an employee who departed the company remain on the file sharing server far longer than they should. In the event an account or entire file sharing service is breached, the organization could be open to a potentially devastating data breach.
Avoiding Shadow IT Solutions
Problems with established protocols being unwieldy or unreliable often drive employees to set up alternate file sharing accounts outside the organization. These personally owned or otherwise off-the-books solutions are sometimes referred to as shadow IT solutions. Shadow IT can be thought of as “rogue solutions”, as they are typically outside the company’s purview. These solutions represent significant security risks since organizations’ IT security are often not aware of, or unable to police them. There is generally limited to no visibility into these solutions outside the immediate team using them.
This creates untold risk as it is virtually impossible for organizations to track what happens to documents, files, or any other type of data that enters these shadow IT solutions. Organizations need to provide employees with a file sharing service that not only enforces strong security controls and policies but also delivers ephemeral (temporary, self-deleting) storage. The ideal solution will make securely sending a file as simple as sending an email. This simplicity helps discourage employees from turning to unsafe, unsanctioned alternate solutions in order to save themselves time and frustration.
One File Sharing Service to Rule Them All
XM SendSecure from XMedius can help. Designed to facilitate simple and secure file exchange from the ground up, XM SendSecure delivers on these needs by providing organizations with a solution as easy to use as email.
By providing far more granular security policy controls than most other file sharing services (especially free or unpaid accounts), XM SendSecure enables administrators to implement organization-wide security policies, including password strength requirements, data retention settings, and more. XM SendSecure also enforces the use of 2FA, and leverages credentials based on known contact information for the recipient, which can be drawn from a Microsoft Outlook database integration or other database. XM SendSecure delivers this while being as easy to use as email and can be used to send documents to anyone, even if they’re not an XM SendSecure user. This simplicity of use, in turn, helps eliminate the incentive to leverage black box solutions.
Another feature baked into XM SendSecure is ephemeral, or temporary, storage for anything shared using the solution. Ephemeral storage provides organizations with an additional layer of data security by enforcing data retention policies by default.
File sharing services can vary widely, but few have the combination of security, control, and simplicity provided by XM SendSecure. If your organization is looking for a way to enforce security best practices, meet compliance obligations (HIPAA, GDPR, FERPA, etc), and eliminate barriers to employee productivity, reach out to one of our security experts to learn more.