In most organizations, regardless of industry, file transfers happen all day, every day. These transfers take the form of data exchanges over email, network shares, homegrown File Transfer Protocol (FTP) tools, and even free online FTP services. Every employee shares information, internally or externally, throughout the day, which raises security concerns. It may be time to think about how to handle file transfer over insecure networks.
We rarely stop to consider the security ramifications of using unprotected FTP tools, email, and other solutions. But today, with the increasing number of data breaches and malware issues, companies need to be certain they’re protecting sensitive data and reducing the risk of cyberattacks. Employee file transfer activity is often harmless but can create an enormous security lapse when someone transmits sensitive data without using the appropriate safety measures.
Information sharing can cause other issues. In addition to creating threats to data security, it can put your company at risk of compliance violations, which may have severe and lasting penalties. Every compliance standard (PCI, HIPAA, SOX, GLBA, etc.) mandates the incorporation of robust security measures to ensure safe and secure data transfer and protection of data at rest.
Understand the Risks of File Transfer
In day-to-day activities, unprotected file transfer can be relatively innocuous. For some businesses, military and civilian agencies, payment processing companies, banks, and retail institutions, however, FTP can be a security nightmare. FTP alone does nothing to secure or encrypt transmitted data. If during an exchange, an employee sends sensitive data from point A to point B, cybercriminals can use the file transfer method to access files, discover sensitive personal information, and conduct a more invasive attack on a company’s network.
These threats are real—and costly. The 2016 Ponemon Cost of Data Breach Study estimates that a data breach costs an average of $4 million to remediate. Healthcare IT News reported that the Office of Civil Rights (OCR) in 2015 levied a $218K fine on a Massachusetts hospital for using a cloud-based file sharing service, a HIPAA compliance violation. While the OCR found no evidence of a data breach, the tools the hospital’s employees were using to transfer electronic protected health information (ePHI) were considered insecure, which was enough to justify the punishment.
Search for a Secure File Transfer Solution
In light of data security and compliance concerns, most IT departments today are exploring managed file transfer solutions to maintain regulatory compliance and reduce the risk of costly cyberattacks. As with any technology consideration, there are many options, so as you research file transfer solutions, consider the following:
- Foreseeable risk. List the types of records your employees, clients and prospects exchange on a routine basis. Categorize the data as sensitive and non-sensitive. Consider where the vast majority of data transfers occur within the network. Some companies may need more comprehensive protection than others.
- Budget. Expenses drive many decisions in tech. Bear in mind the cost of a compliance violation or a security breach as you work with company decision-makers to develop an adequate budget for a solution. This should also include the cost to operate the solution.
- Policy. Every organization needs to outline formalized procedures employees must follow when transferring sensitive information. Define which transfers are permissible and which are not, and train employees to understand that sensitive data must be managed carefully to avoid security violations. Without employee compliance, some managed services and solutions can’t ensure file transmission safety.
- File sharing needs. Outline regulatory concerns as well as the need for FTP, HTTP, and other file sharing protocols. Look for a managed solution that matches your risk needs. Managed file transfer (MFT) is a technology that offers a higher level of security and control than FTP. With support for secure protocols such as FTPS and SFTP, managed file transfer ensures comprehensive file transfer management and administration for IT teams.
- Security. Explore variables that might affect the efficacy of a solution, including the need for mobile and cloud-based support. You should also consider secure file transfer products that offer sound data transfer methods and the appropriate levels of encryption for data in transit (a particularly important point if compliance is a must).
Beyond all these factors, logs are an important aspect of file transfer security as well. IT teams should be able to gather and view server logs along with FTP domain logs to monitor for non-compliance and policy violations and to support error handling and troubleshooting. If you suspect a breach or data leakage, you can forward these file server logs to a SIEM system for deeper security analysis and compliance reporting.
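As an added illustration of that kind of log monitoring (example code written for this article, not taken from any file transfer product), the Python sketch below scans FTP command logs for logins and transfers that were not protected by FTPS and emits one JSON event per finding for a SIEM forwarder. The log line format, field names, and rule names are assumptions made for the example.

```python
import json
import re

# Constructed sample; this log line format is an assumption, not any product's real format.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z sess=101 ip=10.0.0.5 user=alice cmd=AUTH arg=TLS reply=234
2024-05-01T09:00:03Z sess=101 ip=10.0.0.5 user=alice cmd=PASS arg=**** reply=230
2024-05-01T09:00:04Z sess=101 ip=10.0.0.5 user=alice cmd=PROT arg=P reply=200
2024-05-01T09:00:05Z sess=101 ip=10.0.0.5 user=alice cmd=STOR arg=/payroll/q1.csv reply=226
2024-05-01T09:05:01Z sess=102 ip=10.0.0.9 user=bob cmd=PASS arg=**** reply=230
2024-05-01T09:05:02Z sess=102 ip=10.0.0.9 user=bob cmd=RETR arg=/hr/ssn_list.xlsx reply=226
2024-05-01T09:07:00Z sess=103 ip=10.0.0.7 user=carol cmd=AUTH arg=TLS reply=234
2024-05-01T09:07:02Z sess=103 ip=10.0.0.7 user=carol cmd=PASS arg=**** reply=230
2024-05-01T09:07:03Z sess=103 ip=10.0.0.7 user=carol cmd=RETR arg=/public/readme.txt reply=226
garbage line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sess=(?P<sess>\d+) ip=(?P<ip>\S+) user=(?P<user>\S+) "
    r"cmd=(?P<cmd>[A-Z]+) arg=(?P<arg>\S*) reply=(?P<reply>\d{3})$"
)
TRANSFER_CMDS = {"STOR", "RETR", "APPE", "STOU"}

def find_cleartext_events(log_text):
    """Return SIEM-ready events for logins and transfers made without TLS protection."""
    sessions = {}  # session id -> {"tls": control channel encrypted, "prot_p": data channel encrypted}
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse instead of aborting the scan
        st = sessions.setdefault(m["sess"], {"tls": False, "prot_p": False})
        cmd, arg, ok = m["cmd"], m["arg"], m["reply"][0] == "2"
        rule = None
        if cmd == "AUTH" and ok and arg.upper() in ("TLS", "SSL"):
            st["tls"] = True
        elif cmd == "PROT" and ok:  # FTPS data channel stays clear until PROT P succeeds
            st["prot_p"] = st["tls"] and arg.upper() == "P"
        elif cmd == "PASS" and ok and not st["tls"]:
            rule = "cleartext_login"
        elif cmd in TRANSFER_CMDS and ok and not st["prot_p"]:
            rule = "cleartext_transfer"
        if rule:
            events.append({"ts": m["ts"], "rule": rule, "session": m["sess"], "src_ip": m["ip"],
                           "user": m["user"], "path": arg if cmd in TRANSFER_CMDS else None})
    return events

if __name__ == "__main__":
    print("\n".join(json.dumps(e) for e in find_cleartext_events(SAMPLE_LOG)))
```

Session 103 in the sample is flagged even though it negotiated TLS, because the client never requested an encrypted data channel with `PROT P` before transferring the file.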
Whether you choose a managed file transfer system with the highest level of security or a self-hosted FTP-based solution, consider all of the variables that may affect your ability to reduce and combat security threats.