Sharing files with colleagues and clients should be easy and
convenient. What it shouldn't be is a security risk — but it frequently is.
Because many small businesses don't have the right file-sharing
systems and policies, many turn to unsafe practices that often put both
their business's and clients' privacy in jeopardy.
Is your business guilty of engaging in dangerous file sharing
habits? Here are five you need to watch out for and what you can do about them.
1. Sharing files via email
The most obvious dangerous habit is sharing files via email. Just the
other day I received a design document from a client as an email attachment.
Email is not designed to be secure. Anyone with access to an intermediate mail
server or with the ability to sniff network traffic between our mail servers
would see this design document. If I needed to sign a non-disclosure agreement
to see this information, they probably did not want random folks on the
Internet to see this information. Instead, senders should encrypt files and use
secure file sharing services. — Susan Hinrichs, chief of engineering at
SafelyFiled
2. Using consumer-grade cloud solutions
Workers around the world are putting themselves and their
employers at risk by indiscriminately using unauthorized file sharing services
on their mobile and desktop devices — to the tune of $2 billion. With more
workers joining the bring-your-own-device
(BYOD) revolution and turning to insecure file sharing services like personal
Dropbox and Google Drive accounts, the threat is greater than ever. Employees
need to demand Dropbox-like solutions for enterprise tools, bringing the
productivity of Dropbox into the secure world of enterprise-sanctioned
resources. Employees need to work with IT to adopt a consumer-grade experience
with enterprise-grade security. Without IT buy-in, end users will continue to
choose between engaging in risky file sharing behavior with consumer-centric
alternatives, or taking a productivity hit through clunky legacy enterprise
file sharing systems. — David Lavenda, vice president of product strategy at
harmon.ie
3. Peer-to-peer (P2P) file sharing
P2P sharing is a great technology used to share data over peer
networks. It's also great software to get hacked. Installing P2P software
allows anyone, including criminal hackers, to access your client's data. This
can result in business security breaches, credit card fraud and identity theft.
This is the easiest form of hacking. There have been numerous reports of
numerous government agencies, drug companies, mortgage brokers and others
discovering P2P software on their networks after personal data was leaked. For
instance, blueprints for President Obama's private helicopters were recently
compromised because a Maryland-based defense contractor's P2P software had
leaked them to the wild, wild Web. Instead, have P2P security policies in place
not allowing the installation of P2P software on your workplace computers or
employee laptops. Also, a quick look at the "All Programs Menu" will
show nearly every program on your computers. If you find an unfamiliar program,
do an online search to see what it is you've found. You should also set
administrative privileges that prevent the installation of new software without
your knowledge. — Robert Siciliano, personal security and identity theft expert
and CEO of IDTheftSecurity
4. Using flash drives
Flash drives are the easy tool of choice for infection since they
bypass network security. If an infected file is on a flash drive and inserted
into a system, it can start an infection spread from the PC. Some systems are
set to autorun flash drive contents which can give the malware administrator
permissions which allow all kinds of havoc to happen. These habits are not
normally considered risky, but represent easy and unexpected infection or
breach methods. The simplest and standard defensive actions are using
up-to-date antivirus tools that stop autorun and scan any USB-attached device
and their files. Encryption also should be applied. — Duane Kuroda, product and
marketing at NetCitadel
5. Lack of visibility
The danger starts when employees take matters into their own hands
and engage a file sharing service on their own. The individual making a one-off
decision is not going to be thinking of the bigger picture of organization-wide
requirements. What may look like the easiest, cheapest solution may be
completely bereft of critical functions such as persistent control and
auditability, and may inadvertently place the data at risk. Employees that
engage a solution on their own may also be tempted to mix personal data with
organizational data. Visibility provides important insights into who is using
the data, when and how many times. In regulated environments, this visibility
provides the required audit information needed for compliance. — Jim Ivers,
chief security strategist at Covata.