Secure File Transfer: Definition, Protocols, & Real-World Exampleson 3 April 2023
Security has become paramount in today’s digital world, especially in business. One wrong move and sensitive data could be stolen or leaked, putting your company at risk of experiencing reputational harm, losing its competitive edge, and even facing financial damages.
That’s why secure file transfers are critical when sharing sensitive or confidential information within and outside of your organisation.
But what makes file transfers “secure?” In this article, we take a behind-the-scenes look at this technical subject with insights from several experts, including Chad Lauterbach, CEO of Be Structured Technology Group, a provider of managed IT services. Lauterbach has over 20 years of experience in information technology, with expertise spanning disciplines such as cybersecurity, cloud computing, and network engineering.
Give your team a tool that supports secure file transfers and streamlines collaboration. Request a free demo of Glasscubes today.
What is a secure file transfer?
A secure file transfer is the transmission of encrypted data from one party or entity to another using protocols that enable the encryption. The purpose in using this type of transfer is to protect sensitive or confidential information. “Today’s diverse number of security threats necessitate that ‘secure’ means not just encrypted, but encrypted with modern security protocols that don’t have known vulnerabilities or aren’t easy to crack,” Lauterbach explains.
Why are secure file transfers important in business today?
Many organisations today have sensitive, mission-critical data that they would not want acquired by another party. For example, a food and beverage manufacturer may have closely guarded product formulas; if those were stolen or leaked to competitors it would threaten their market position. Competitors would have the opportunity to, say, mimic the very elements that make the manufacturer’s products unique—think taste, texture, and the like—and erode the manufacturer’s competitive advantage.
Another reason that secure file transfers are important: They are often required by law.
“Many companies are beholden to regulatory obligations concerning data security that require them to meet certain encryption standards—in some cases both in transit and at rest,” says Lauterbach. “Besides, it’s just intelligent and good business practice, with cybersecurity concerns at an all-time high—even if the data you’re transferring doesn’t appear to be critical. You never know what a bad actor could piece together with seemingly random bits of data.”
Lauterbach provides a logistics example to underscore the importance of keeping all file transfers secure:
Consider a truck that’s scheduled to deliver a number of items to the local shipyard. Only a select few should know what the truck contains—is it 100 boxes of iPhones or 200 boxes of household sponges? But bad actors who intercept unencrypted or unsecured files may also know the answer. That’s where trouble can brew.
“Without getting too technical, countless bits of data are sent between logistics companies, their clients, and intermediaries. Any one of these bits can be intercepted if not properly protected,” Lauterbach explains. “While one bit—say the time of the delivery—may seem harmless on its own, what if a bad actor also finds out the contents of the delivery and the location?”
In piecing this information together, Lauterbach says bad actors with the right resources can create opportunities to steal valuable assets such as the iPhones mentioned above. “And they don’t necessarily have to do it themselves. They may simply be in the business of gathering and selling data to other parties who perform these unlawful acts.”
5 Secure File Transfer Protocols
A protocol tells computers how to format and process data, and how to communicate with one another. File transfer protocols specify how to transfer files between different systems online. Adding encryption to the transfer makes it secure.
Below are commonly used protocols for transferring files safely and securely. Understanding them will help you implement a solution that works well in your business environment.
Secure file transfer protocol (SFTP) is a network protocol that uses secure shell encryption to securely access, transfer, and manage large files and sensitive data. It protects against man-in-the-middle attacks, which may permit the attacker to completely subvert encryption and gain access to the encrypted contents.
File transfer protocol secure (FTPS) is an extension of a protocol you’ve no doubt seen before: FTP, which is an unencrypted protocol used to transfer computer files from one server to a client on a computer network. FTPS enables businesses to connect securely with their customers, suppliers, and business partners.
Hypertext transfer protocol secure (HTTPS) is an extension of the original HTTP protocol; this extension secures communication and data transfers between web browsers such as Chrome and Microsoft Edge and websites.
Applicability statement 2 (AS2) is a security specification focused on transmitting structured data—data that has been organized into a formatted repository, typically a database—securely and quickly over the internet. It specifies how to connect, deliver, validate, and reply to this data.
Session control protocol (SCP) is a simple protocol that enables a server and client to have multiple conversations over a single TCP connection, which is a set of rules for sending data in the form of message units between computers over the Internet.
Lauterbach notes that each of the above protocols offer “more or less the same level of security.” The broader security takeaway that’s important to know, especially with the protocols being relatively equal, is that you should focus on:
- Ensuring servers and firewalls are up to date
- Authentication measures are in place
- Identity management is properly implemented and controlled
These actions mitigate any openings a bad actor may take advantage of beyond the file transfer itself.
The reality of “choosing” between secure file transfer protocols
While working with other similarly sized businesses may permit a small business to freely choose between protocols, the actual protocol of choice is typically determined by larger entities—ones that you would likely find in the Fortune 100 or FTSE 100. “Unsurprisingly, these companies have the power and influence to choose a protocol they prefer and have vendors and other third-party partners adhere to that choice.”
For example, consider the AS2 protocol. “The interesting thing about AS2 is that it’s actually become less common to employ over the years across industries, but Walmart uses it—so many logistics companies keep it in play to maintain their relationship with the retail giant,” says Lauterbach.
7 Real-World Secure File Transfer Mishaps
Even with secure file transfer protocols in place, data leaks and hijackings can still occur. Though in some cases these unfortunate circumstances are due to human error, not hacking. See below for a few example mishaps—including breaches and human error—from real-world companies and what actions they took to recover.
1. Unsecured Email Transmission
“Our company employs encrypted email servers and private cloud storage for internal file sharing and collaboration,” says Sukhy Dhillon, brand director at e-Careers. The company also uses several encryption technologies and multi-factor authentication to further safeguard sensitive data.
When exchanging data with external parties, Dhillon’s company typically uses either SFTP or HTTPS to ensure transferred data remains private. “We also employ stringent identity verification procedures to guarantee that we are exchanging information with the correct party.”
Dhillon says that, in one troubling case, a student's private information was transferred over an insecure email server by mistake. “We took this as a wake-up call and have since strengthened our security protocols. We've implemented stringent standards for managing passwords and encrypting data, and we conduct regular security audits to spot and fix any flaws we find.”
2. Wrong Recipient
To transfer files securely both internally and externally, the Triad Drones team employs several secure cloud storage solutions with access controls to restrict file access to authorized personnel. “We also utilize encrypted email services and password-protected file sharing platforms to ensure that only designated individuals can access the files,” says Walter Lappert, the company’s president.
Despite these measures, the team has experienced security issues in the past. In one instance, a vendor accidentally emailed confidential design files to a competitor due to a misaddressed email. This led to legal disputes and a loss of trust between the companies. “To prevent such incidents, our company has since implemented stricter protocols for vendor communication and reinforced the importance of secure file transfers to all employees and partners.”
3. Data Breach
“Internally and externally, our team transfers files by using an FTPS server and a secure file-sharing system with two-factor authentication,” says Michael Chen, growth director at Notta. Additionally, the team uses encryption and digital signatures to ensure files are secure and confidential.
“Unfortunately, we have experienced security issues with unsecured file transfers in the past,” says Chen. His team was exposed to a data breach when a malicious actor accessed company files due to an unsecured file transfer. This exposed confidential customer data and negatively impacted trust with the customer base. “We have since implemented more secure file transfer protocols to ensure our data remains safe.”
4. Incorrect Server Configuration
The team at Airgram transfers files internally with secure file sharing tools that provide end-to-end data encryption. Externally, they transfer files with an FTPS server that also employs two-factor authentication, secure email services, and secure cloud-based file storage.
“While we have multiple security measures in place, we still had to deal with a security issue due to an incorrect configuration in our server,” says the company’s vice president Ranee Zhang. “This resulted in the exposure of sensitive data, but we quickly identified and rectified the situation. We also implemented additional security measures to ensure that all future file transfers are properly secured.”
5. Unsecured File Transfer
“Internally, our team uses a secure file-sharing service with end-to-end encryption and two-factor authentication,” says Jessica Carrell, cofounder of AnySoftwareTools. “Externally, we use secure email and cloud storage services, as well as encryption for email attachments and file transfers.”
One security incident involved an unsecured file transfer that allowed unauthorized access to sensitive information. As a result, the team had to close down their system, reset passwords, and contact affected customers to inform them of the breach. “We also implemented more secure protocols for file transfer and conducted further training to ensure our staff had a more solid understanding of data security and its importance.”
6. Malware Emails
The Sofilmar team uses two file storage solutions with “bank-level security protocols” to transfer files internally. Andrew Tomson, project manager at the company, says the team prefers to share files externally via two other solutions: one for files sent to ongoing clients and another for files sent to one-off clients.
The company has faced two security incidents, both involving new workers opening email files containing malware. “Verifying trustworthy file sources in P2P networks is challenging, and one of our new employees fell for the bait, exposing our broader network to attacks,” Tomson explains. “We’ve since implemented more training during the onboarding process to mitigate another incident.”
7. Virus-Filled Files
File sharing is a daily activity at Allied. The company uses a collaboration solution with multiple features, including secure file sharing to transfer files internally and externally.
“Previously, we were relying on a low-cost file sharing solution to save money. While great for our budget, it disappointed when it came to security,” says Shannon Steinberg, the company’s SEO manager. “We dealt with malicious activities, and our files were plagued by unknown viruses. We decided it was better for our company to invest in the secure solution we use now to avoid any further security incidents.”
Securely transfer files—and do so much more—with Glasscubes
Glasscubes is a secure, all-in-one collaboration solution that enables secure file transfers through HTTPS and features file request management, robust project management, and time-saving information workflow automation capabilities. Keep your employees, clients, and suppliers in the loop with one powerful portal.
Glasscubes is also security-minded: All data is protected by SSL encryption in transit and at rest. Plus, data is distributed across multiple physical locations within the UK to ensure high availability.
“Glasscubes is an essential tool for our collaborative working across a number of organisations. The security, communication tools, and storage features are fantastic and allow us to bypass a number of issues with data sharing and cross posting by having a communal space where many staff [members] need to access files.”
—Hannah Wilson via Trustpilot
Keep your teams on track to success with a collection of value-packed features:
- Store and share files in a secure location, complete with automatic version control. You can even create approval workflows and view clear audit trails of user actions.
- Collect, process, and approve information through customisable, automated forms and workflows that include user assignees, assignee follow-ups, and completion alerts.
- Assign and manage tasks for different members of the team, and track them to completion.
- Create customised workspaces for each project team in your portfolio. Team members can share resources and communicate with one another in their specific workspace, and you can access them all for easy oversight.
Want to see how other companies are using Glasscubes to handle their secure file transfers and other collaboration activities? Check out these case studies. Or, get started working more productively now by requesting a free demo of Glasscubes.
Explore other topics
client portals for accountants