Best Practices to Avoid File Sharing Dangers

File sharing has long been a way to socialize with friends and family, especially sharing a photo of a sweet moment or memory. Everyone does it, whether on social media, through cloud platforms like Google photos, by email or even a text message. But sharing can give cyber criminals a key to your data: If you don’t share the right way you can create a backdoor to all your files. Avoid file sharing dangers as part of your business cyber security plan.

File Sharing Can Be Dangerous

File sharing can be dangerous to your business in three basic ways:

1. Someone inadvertently shares a file that is corrupted with malware, viruses, worms, ransomware or some other harmful agent that quickly spreads once it gets on your network.
2. A shared file or photo contains sensitive or proprietary data that ends up being sent to the wrong person or someone who is outside your company’s data protection.
3. A shared item is not sent by approved channels, ostensibly bypassing firewalls or other protections of your network.

Create a File Name Convention (Before Sharing Files)

Many small and medium size businesses don’t have strong policies and procedures around file sharing. This can  result in shadow IT — when staff decide to use software, systems, devices or apps without explicit IT approval. 

To avoid shadow IT, the first thing to do is create a file name convention of how every file name will be structured within your organization based on your company’s structure. For example: {YYYY MM DD} {Department} {Subject}.

Your team needs to know this change is happening and why.  Make it clear that resulting benefits to the team are:

• Consistency in your file names.
• Being able to easily find information when it’s needed.
• Promoting teamwork by establishing standards that benefit everyone. 
• Making it easier to manage files from an administrator’s perspective. 
• Improving readability of your company files.

Keep it consistent and keep it simple so that it becomes second nature to follow the name convention your company has established, thereby eliminating confusion and redundancy.

Bad Types of File Sharing

No file that you share peer to peer (P2P) or in a file sharing application such as a cloud, is really secure. We repeat: no file you share P2P or in a file sharing app is really secure.

Attaching a file in an email is usually fairly safe UNLESS you make a typo and send it and all your business data to a complete stranger, possibly a malicious actor.  Retrieval of that email, even if you try just seconds after you hit the send button, are nearly impossible.  Instead, sending a link to a password-protected file is better but still  not perfect.

Cyber criminals love when you attach a file using P2P networking (e.g., BitTorrent, eMule). Peer to peer (P2P) networking is an easy target for cybercriminals because it opens a backdoor to networks and allows the spread of malware among files. Unwitting users could accidentally share folders and leak sensitive data, or even acquire media illegally.

Even file sharing applications like Box or Dropbox have some risks. Different versions of the same file floating around or the same information being stored in different cloud systems is one of them.

Good Types of File Sharing

The best way to share a file is by using a method that is part of your overall IT infrastructure and therefore protected with the permissions and cyber security measures put in place for your business. Microsoft Office 365 can accomplish that or a similar secure collaboration platform.

Sometimes you might need to send or receive a really large file, so make sure your IT plan includes a method to do that without being blocked by your network. If you don’t put a solution in place, people tend to come up with one on their own and you end up with a series of shadow IT practices that put your business at risk.

If you do need to use a file sharing service, make sure to use one with 256-bit AES encryption over SSL including One Drive, SharePoint, Egnyte, ShareFile or SugarSync. Make sure to read the user agreement carefully. 

Most importantly about these file sharing options is that only one encrypted document or file is  shared with everyone who needs it — a team, department or even customers. Make sure there are no duplicates or versions to confuse participants. That way, whenever an addition, correction or deletion is made, it is made in just one file so that everyone is literally working on the same page. 

Called co-authoring, this approach enables team members to have complete visibility even though they’re in various locations throughout the world. It also allows the team leader or creator to oversee changes and assign tasks to team members to create workflows.

File Sharing Tips and Best Practices

Here are some other tips for setting up your file sharing securely:

1. Folders should ONLY be set up by admins.
2. Folder structure should be set up by the department, making them the top-level folders. 
3. Subfolder levels should be kept to five or fewer, so  information is not buried too deep.
4. Folder templates for departments and subfolders should be kept consistent throughout your departments.
5. Sharing should only be done with groups of people or by department, not with individual users.
6. Different access options like “view only,” “contributor,” “author,”  etc. should be created to share as much information with your team as possible, but without the fear of files getting accidentally moved, edited or deleted. 
7. Determine if you want only your organization to have access or if you want others outside of your organization as well. If so, set permissions accordingly, audit them regularly and maintain consistency in them.
8. Alert notifications for highly sensitive and critical information should be created.
9. Use hyperlinks or shortcuts when a file needs to be in more than one department in order to prevent duplicate versions.
10. Only one person in each department should be assigned to oversee all of the data and to audit it on a regular basis.
11. If a file must be shared, do it by a protected link, not attachments. Your data will then remain safe within your organization.

If you are not comfortable managing your company’s data security, contact us or book a no-obligation meeting. We’d be happy to assist you with this or any other IT situation.