Secure file sharing don’ts: What to avoid when sharing business files

Jun 18, 2015

2015-06-18 Folders.jpgSharing business files is simply a must in today’s corporate environment. Employees must be able to collaborate on projects through shared documents, where users can make changes that everyone can see. As critical as this function is in the enterprise world, it can also open a company up to a number of security risks if workers don’t know what to avoid. To help enterprise administrators and staff members become more educated about file sharing and its associated issues, here are the top don’ts:

1) Don’t use email to send sensitive files
One of the first things professionals should know about sharing business files is to avoid sending content over email. While this is most often the first platform sought out for these kinds of activities, there are much better – not to mention more secure – approaches to collaborate on a project with colleagues. Securedocs contributor Laura Fagundes noted that cybercriminals, malware and a range of other security threats make email an unsafe platform for file sharing.

“Even if your network is highly secure, you can’t control all the other points through which that email will travel,” Fagundes pointed out. “In addition, what happens if the other party opens the file on a smartphone and then loses the smartphone? You sensitive file could be viewed by a co-worker, a good samaritan, or worse, a criminal with bad intentions.”

2) Don’t use a free or consumer-level file sharing platform
Corporate staff members should also avoid using a free file sharing website, or one that is geared specifically for consumers and not enterprise users. While these platforms may be easily available and familiar to users, they don’t have the ardent security measures needed to securely share business files in an enterprise setting. InfoWorld contributor Woody Leonhard also noted that content shared through these kinds of websites is more accessible than many think.

The majority of these platforms utilize a system in which the user uploads a file, and the website provides them with a URL to allow others to access the materials. A study carried out by researchers from the University of Leuven and the Institut Eurécom discovered that these platforms use sequential URLs for these files. By doing a little “online dumpster diving,” researchers were able to uncover a veritable treasure trove of sensitive data contained in sequential files, some of which were even SQL files – databases shared by users that were completely unprotected.

“But but but – I can hear your users sputter – but nobody really goes data Dumpster diving like that, do they?” Leonhard wrote. “Well, yes they do.”

With a little ingenuity, nearly any individual could gain access to all kinds of sensitive documents being sent over these free file sharing programs.

So, how should corporate users send business files?
Now that we’ve covered the don’ts, let’s take a look at how these risks can be avoided. Instead of using an unprotected platform that all but leaves the door open to unauthorized users, enterprises should have a secure file sharing system in place for their employees. Such a program provides a safeguarded environment in which staff members can send even the most hypersensitive documents with confidence.