Secure File Sharing: 15 Best Practices To Keep Your Organisation Safeon 28 July 2021
Sharing documents is easy in today’s digital workplace with the many file sharing software solutions available on the market, but secure file sharing is another matter. The fast pace of business dealings can sometimes pressure employees into foregoing security practices meant to safeguard their organisations against data theft.
The best practices below serve to reinforce the steps employees and managers should take to ensure their file sharing efforts aren’t putting the organisation at risk.
15 Best Practices For Secure Online File Sharing
1. Make use of VPNs.
Everyone can’t always be in the safety of the office walls, accessing files from your secure corporate network. That’s why Gabe Turner of Security Baron recommends implementing a virtual private network (VPN) for use in situations that require accessing public wi-fi, for example. “Public wi-fis leave you vulnerable to hackers who want to steal your data. A VPN shields your web traffic in a secure tunnel, making it much more difficult to be intercepted by bad actors.”
2. Employ password managers.
If you’re a small business using simple file sharing options, you may have shared login and access credentials. While not ideal for security purposes, it’s understandable from a budget perspective. A cost-effective method for making things a bit more secure is using a password manager. “This service lets you securely share passwords with other users, so if you keep a file in an encrypted vault, you can simply give the other user your password and they can download the file from there,” explains Turner.
Need a secure collaboration portal that doesn’t break the bank? Request a guided demo of Glasscubes today.
3. Use strong passwords.
Whether you’re using a password manager or a solution that enables password protection on files, Turner recommends creating strong passwords. “Strong passwords make it more difficult for bad actors to gain access to your important data. Passwords should be at least eight characters long, and use a combination of letters, numbers, capitalisation, and special characters where possible.”
Sharing passwords with clients isn’t always a bad idea. If you do need to do it, here are a few tools that can help.
4. Set expiration dates for files.
For secure file sharing with clients, you may not want certain files to be available forever. In these cases, Turner says to set expiration dates for accessibility. “That way, once the availability window closes, the file can’t be accessed on their end. Plus, you won’t have hundreds of files just floating around.”
5. Limit file access by group.
Limit access to both file folders and individual files in a structured manner. Shayne Sherman at TechLoris says an easy way to do this is to limit by specific groups. For example, create groups based on departments (e.g., accounting, marketing) or job levels (e.g., manager, senior manager). “Not everyone needs to access every file to do their job, so limit access by what makes sense for each group.”
He also suggests limiting the creation of folders, since that can result in unnecessary chaos as users make new folders ad-hoc, without considering how they fit into the overall file structure. “Limiting the files and folders users can create and access helps keep permissions and file structures easier to maintain and understand.”
6. Audit access privileges regularly.
Matthew Fox of Valiant Technology recommends making a habit of reviewing who has access to what resources. “Just because a group or individual has a need to access certain files or folders today doesn’t mean they’ll still have that need in six months. Verify whether their access should continue as is, change, or be cut off entirely.”
How frequently you audit access privileges depends on the level of rigor you want in your security measures. The more rigor, the more frequently you should audit.
7. Employ multi-factor authentication.
Regardless of who you’ve provided access to, your organisation should have multi-factor authentication (MFA) in place to ensure users are who they say they are. (Tweet this!) MFA uses two or more authorisation methods to verify a user’s identity:
- Knowledge—something only the user knows, like a password or pin number.
- Possession—something only the user possesses, such as a key fob or token, or a text (if the user has a mobile phone).
- Inherence—something the user is, which typically involves a biometric identifier like facial or voice recognition.
Stefan Chekanov of Brosix says to try striking a balance between a strong authentication security level and one that’s not overly burdensome. “You don’t want to create too many barriers for your users.”
8. Educate and train staff on using your secure file sharing solution.
Whatever secure cloud sharing solution you choose will likely have a learning curve for users. It’s essential you provide them with appropriate training to ensure they adopt the solution as part of their workflow. Otherwise, you risk users looking for workarounds.
“File sharing software is used only when it’s understood and provides real value to users,” explains Fox. “If a solution doesn’t fulfill at least one of these criteria, you’re inviting shadow IT into your organisation by frustrated users, which can unwittingly circumvent many of your security measures.”
9. Use end-to-end encryption when transferring data.
For secure file sharing, Chekanov recommends peer-to-peer methods with end-to-end encryption. “In other words, aim for direct file transfers between two users that are encrypted on the sending end and decrypted on the receiving end. This keeps data safe while in transit by protecting it from any manipulation or unauthorised access.”
He also notes that the encryption algorithm is crucial in this process. Use a strong encryption specification such as the Advanced Encryption Standard (AES), which is a global standard for keeping online communications safe. Notably, AES is employed by the U.S. government to protect classified information.
10. Ensure your file sharing software fits into your overall security strategy.
“When considering secure file sharing solutions, it’s easy to get overwhelmed,” says Chekanov. Not surprising given the tons of options on the market that vary in their features and functionality. But secure file transfer is only one element of a wider corporate security structure.
Ideally, your file sharing software is part of a larger, integrated, and secure system. If not, then the high standards present in this one solution may be absent in, say, your email communication. “This can leave your organisation vulnerable despite your best efforts. Using an integrated system also makes things more easily manageable for your users, reducing the likelihood of security breaches due to human error.”
11. Be aware of how your solution provider handles your data.
The best secure file sharing services do more than tout bells and whistles on their product. They ensure your data is properly handled on the backend so you don’t end up with lost or stolen documents.
“Encryption is important, but so is knowing how your service provider manages your data,” explains Fox. “Where do they store your files? How are permissions set up? Who can grant access? Getting answers to these questions may be a pain, but they help ensure your data remains secure.”
Struggling to share files with clients? Here's our article about common challenges & how to overcome them.
12. Review files before sharing.
Whether you’re sharing a file with someone inside or outside the organisation, always be sure to review the content before hitting the send button. You don’t want to inadvertently send a document that’s irrelevant or, even worse, inappropriate for the intended recipient. For example, you may accidentally send one client’s document to another client, which may cause the recipient to question how your team handles their data.
13. Assign simple names to security groups.
When labeling your security groups, keep names simple and easy to understand. You want users to immediately grasp the intended audience for files and folders. For example, you may have files that contain sensitive personnel information you want only human resources staff to view. In this case, you could name the security group “Human Resources” and assign department members to the group. Then, simply take the same approach for other departments—marketing, accounting, purchasing, etc.
Of course, the same logic applies to other types of security groups. For example, you could assign your executive suite (e.g., CEO, CFO, etc.) to the “Senior Executives” security group. They would naturally have a wider latitude of access to files and folders.
14. Review security groups regularly.
As your organisation evolves, so do its needs. Changes to the business may impact your security groups. For example, a restructuring could result in an altered organisational hierarchy. Subsequently, there may be a need for new security groups—or at least modifications to the old security groups.
Similarly, the organisation may add a new department that necessitates an additional security group. However, say the new department has crossover activities with another department, such as customer service. The new department may need to access certain documents from customer service, so you’ll need to rethink the structure of your security groups.
15. Develop a clear record retention policy.
One aspect some organisations neglect when it comes to secure file sharing is record retention. Certain industries or governing bodies have recordkeeping requirements you must abide by, so it’s important to develop a clear retention policy to avoid issues come audit time. It can be tempting to keep all documents forever because they’re digital, but if a file is no longer relevant and outside the window of regulatory requirements, keeping it only poses an unnecessary security risk.
All your security concerns are addressed with Glasscubes, a collaboration solution that enables more than just secure file sharing.
Glasscubes is your go-to, secure collaboration hub. Secure file sharing is a cinch with cloud storage and content control with access to your files from any device. Enjoy automatic version control so your team never has to wonder whether they’re using the latest and greatest edition. You can even create approval workflows and view clear audit trails of user actions.
And our solution goes beyond file sharing—you can create a secure client portal or internal team workspace to communicate, share important documents, and manage tasks. Create as many customised secure customer portals and team workspaces as you like, and invite whoever you want, limiting access as you see fit.
With Glasscubes, you can:
- Assign and manage tasks for different members of the team, and track them to completion.
- Communicate practically anywhere through threaded discussions on the general message board, on specific files, on assigned tasks, or through instant messenger.
- Enjoy a secure collaboration environment, complete with multi-location data distribution across the UK, data backup and archiving, and encryption of data in transit and at rest.
Share files and collaborate securely with Glasscubes. Request a guided demo of Glasscubes today.
Explore other topics
client portals for accountants