Here are a few tips for secure file transfers and what else to consider when sharing sensitive documents so that your data remains safe.
Our lives are increasingly lived in the digital world. And while this comes with a host of benefits, it also exposes us to the threat of data theft. Whether it’s sensitive personal, medical or financial information, anything the bad guys get their hands on could be used in follow-on fraud or even blackmail. In short, failing to share your most sensitive files securely could have major consequences. Nobody wants to endure the stress, financial loss and potentially the time and effort required to clean up after a major data incident.
But with so many options out there, it can be tough knowing where to start. Read on to find out more.
Why is secure file sharing important?
According to recent research, 61% of Americans have learned that their personal data has been breached on at least one of their accounts. And over two-fifths (44%) say this has happened multiple times. Often, cybercriminals target the organizations that hold our data, en masse. According to Verizon, over 94% of data breaches in 2023 were financially motivated, and more than 70% were committed by organized crime groups.
However, the same motivations drive cybercriminals to target individuals with phishing attacks. You may also have concerns about government snooping on your private data, or of unauthorized users being able to read confidential information.
What to be wary of
There are plenty of potential options for sharing files. Some, such as USB thumb drives or other removable storage media, are clearly out of the question for online transfers and come with other potential downsides. The following, too, have their drawbacks:
FTP: The File Transfer Protocol (FTP) was purpose-built for file sharing. But it lacks built-in encryption (unless you are using its secure form known as FTPS or a secure alternative to FTP known as SFTP) and may require a complex set-up that only businesses and tech-savvy individuals can stomach.
P2P:Peer-to-peer (P2P), which cuts out the middleman, may work for sharing certain files, but in the absence of other precautions it’s generally not the best option for sharing sensitive documents.
Email attachments: People often consider this the best way to send sensitive files. But they forget that many providers don’t necessarily secure (encrypt) a message once it reaches the recipient. Also, what if your or the recipient’s email accounts is compromised? There’s also a size limit on many platforms, which may be no good for large image or video files. A tried-and-tested service that offers dedicated end-to-end encrypted email is generally a better option in many scenarios, but there are also other options.
7 tips for sharing large files securely
End-to-end encrypted cloud-based file storage fits the bill for most people, especially where the above solutions fail. If you take the right precautions, it can provide a secure cloud storage facility, where your files are kept under lock and key. You can then invite select users to view them by providing a time-limited download link. This is important, as it means that you can update files while in use and everyone will be able to view the same copy.
However, not all solutions are created equal, and there may be additional steps you need to take in order to mitigate the most serious security, privacy and user experience concerns. Consider the following:
Choose end-to-end encryption (E2EE): As your secrets are scrambled at the source and decrypted at the intended destination (and remain encrypted while stored), E2EE is ideally suited for exchanging data from device to device. This then covers encryption at rest and in transit and means that even if the provider is targeted by cybercriminals, your data won’t be revealed. Beside E2EE cloud file sharing providers, there are also E2EE email services available, although there are size limits on files.
Go for a security and privacy-focused provider. There are many offerings on the market. It’s important to do some research up front to ensure the provider you go with is the right fit. Read the privacy policies and understand how your data is secured.
Remember access controls: To enhance security further, ensure files are password protected with strong and unique credentials, so as to keep them safe from prying eyes. And switch on two-factor authentication (2FA) for further account protection from phishing and other attacks. Set up a share link so that those with the link will be able to access your files.
Time-limited links: By setting an expiry time on the download links you send a recipient, you can minimize the risk of unauthorized access to your files. Some providers may also enable you to remotely delete files or revoke access once they have been downloaded, for further protection.
Use a VPN on public Wi-Fi: If possible, don’t access any sensitive accounts when logged-on to a potentially insecure public Wi-Fi network. If you have to do so, ensure you’re using a trusted VPN to scramble any traffic.
Large file size support: Check out the size limits on your shortlisted cloud file sharing providers to ensure you’ll be able to send data quickly and easily.
Use security software: It goes without saying that you should treat any inbound links to file-sharing sites – even if they seem legitimate – with caution. Security software will scan any such links or downloaded files for malware, and keep your own machine safe from attacks designed to hijack or eavesdrop on communications.
We all have different tolerances for security and privacy risk. But by using the above tips as a rough guide, you should be able to select the service right for your file-sharing requirements.
by Phil Muncaster, ESET
Comments