Thought it might be helpful to share our perspective on the Top 3 Security Mistakes related to File Transfer along with some tips on how to avoid them. After all, staying out of trouble is half the battle.
Mistake #1 - Using P2P file sharing software at work.
Using P2P file sharing in the workplace is just not a good idea. Installing P2P file sharing on a work computer can get you into a heap of trouble by inadvertently exposing computer files externally. The FTC recently had to inform 100 organizations that personal customer and employee data was being shared on P2P networks. Legislation is under review that would require stricter notifications on the security hazards of P2P file sharing. The best advice here is to practice P2P workplace abstinence – don’t use P2P file sharing in the workplace.
Mistake #2 – Sending confidential information via an email attachment, USB stick or CD
Email attachments, USB sticks and CDs are not a secure means of file transfer. When sensitive information is sent unsecured then an organization is at risk for non-compliance with industry and government regulations including HIPAA, SOX, and GLBA. Files containing confidential information need to be protected to avoid data breaches. USB sticks and CDs, can easily be misplaced or lost in transit as the UK Government discovered in 2009 when disks containing personal information on 25 million UK citizens went missing in the Royal Mail. Email attachments are not secure and do not provide the encryption required by HIPAA. If a file contains confidential information it needs to be sent via secure, encrypted channels.
Mistake #3 – Forgetting to cleanup files on un-secure FTP servers
Everyone knows that FTP is not the most user friendly business application, and cleaning up files previously uploaded to an FTP server probably ranks right up there in priority with cleaning out the lint from your trouser cuffs. In the hands of business users, FTP servers become a security breach waiting to happen. Files uploaded and left indefinitely on the FTP server, can result in many years worth of files sitting out on unsecured FTP servers. Coupled with the commonplace sharing of FTP account names and passwords, FTP servers are often a weak link in an organization’s data security program.
The good news is that managed file transfer can keep you out of trouble in all these areas.
No related posts.