ftp risks

Hidden FTP Risks For Marketing Agencies

Are you a marketing agency that sends files to or receives files from a client? Who are we kidding, of course you are! From graphic design .psd files to web design mockups to blog posts, sending work back and forth with a client is something you do every day. How do you do it? Email can get stingy with size limits, so what do you turn to? Typically, it’s an FTP server set up between you and a client.

Marketing agencies send a variety of files through the FTP method:

  • Graphic design files (.psd, .ind, .ai files)
  • Website mockups (PDFs)
  • Blog posts (.doc or Google docs)
  • Email newsletter or contact lists (CSV Files)
  • Video and Audio Clips (.mp4, .mp3 files)

We all know how an FTP server works, you connect to a client’s server, or vice versa, and use an FTP tool to exchange files. Depending on the level of familiarity or security required, you may need to get IT involved to send marketing files or even client contracts and invoices. The great part is that FTP servers have no trouble sending large files that email can’t handle and if the connection breaks, FTP can continue that connection once the server is back online.

But for all the good FTP has done for marketing agencies in the past couple decades, it’s becoming increasingly inconvenient, especially with the cloud file sharing options out there today. FTP has a host of issues, basic FTP isn’t secure, meaning that anyone with a little computing knowledge can see the files you’re sending. It also doesn’t keep versions of uploaded files, so if a file is accidentally overwritten, there’s no going back — meaning that work and those billable hours may all have been for naught.

FTP issues are aplenty, so lets take a deeper look at some FTP risks and the solutions marketing agencies can use to send their client’s sensitive marketing files quickly and securely.

Insecure Connection Types

Account managers are great, in fact, they’re something most marketing agencies can’t live without. They run the day-to-day interference between clients and marketing staff. Beyond that, though, an account manager may not know or understand the risks of sending files through an FTP server.

If you’re not using FTPS, SFTP or FTPES to send files, then you’re basically using naked FTP. Why’s it naked? Because basic FTP has nothing securing the files being transferred.

We could go on for days regarding more secure FTP methods. To put it briefly, the legacy FTP method is not encrypted, not even in the least. That means anyone with a packet sniffer could easily eavesdrop on the files you’re sending back and forth with a client. It’s a technology that was great in the beginning of the internet, but one that is now far too risky to entrust confidential files to.

Unfortunately, there isn’t a convenient way to check to see if a client is using a secure FTP connection with just a plain ol’ FTP server. Both of you want to be secure, but online security probably isn’t something either you or your client dabble in. You’re much busier building boundary-pushing branding or intuitive website design.

So, what’s the answer? How do you and your client stay secure while transferring files?

DEALING WITH INSECURE CONNECTION TYPES

As we discussed above, there’s not an easy way to make sure your account managers and clients use one of the secure FTP methods to transfer files. What each party should use is an FTP server that allows the sender (that would be you, the marketing agency) to specify how a client can receive and send files. It’s a matter of security and one of the many reasons we introduced the ability to transfer files using SFTP, FTPS or FTPES within SmartFile.

With this functionality, you can explain to clients that their security is absolutely important to you and that’s why you’ve chosen to only make those secure connections available when you transfer files back and forth. The option to choose how clients will transfer files is one of the features that makes SmartFile better than your legacy FTP server.

Overwritten Files

There are always at least two parties dealing with client files, account managers and the client. That’s a best case scenario; however, it’s more likely that several people are involved with these files, including the creatives who design them, the managers who approve them and even sometimes the head of the company.

Depending on how large your marketing agency is, you may have software for collaboration or you may depend on long email chains to collaborate. We all know how incredibly difficult this can be to keep track of file versions. If your agency is using FTP, there is no guarantee file versions will be kept.

To all the people who have worked very hard on an account, losing a project file is beyond frustrating. The extensive work put into it — lost; the billable hours — lost; the trust your client once had for your method — lost. The FTP risks here are more hidden, but just as dangerous.

DEALING WITH OVERWRITTEN FILES

Believe us, there is a better way to save versions than endless email chains and folders overflowing with files named AdCopy1, AdCopy2, AdCopy3, AdCopyFinal, AdCopyFinalForReal. We’ve found there are 3 very good ways for mitigating the risk of overwritten files, due to FTP problems or general mistakes:

Created a Detailed Process

Come up with a naming convention and a place to store files that will not change. Educate everyone from the employee to the client on how this will work and be sure to enforce it.

Script and Backup

Run a script on a time basis to backup files to a specific folder. This is clunky, but it could be done on a project-by-project basis, depending on how valuable the time is you’ve already put into a project.

Use a Tool With File Versioning

Save the hassle and use a tool that already has file versioning. SmartFile saves file iterations for you. You can sleep easier at night knowing that a file won’t be overwritten by your new, well-meaning intern. Or client that’s gotten a little too eager with the process.

Files Accessed Maliciously

We’d like to believe that no one ever does anything maliciously. But in the business world, we have disgruntled current or former employees, clients who are shopping around several agencies and people who would really enjoy disrupting a business.

Think, right now, do you know where all your clients’ files are? Do you know who can access them? Who has the passwords? Did a former employee use a personal email or cloud account to save files to so they could work at home? Whether intentional or not, it’s likely that some of those files are outside of your control, and therefore, at risk.

No tool can completely prevent all malicious access, but there are tools that can stop the problem before it starts. SmartFile’s file management platform tracks everything, from the date and time files were accessed, the username of the person accessing, the IP address and their connection type, among other data.

If you did become aware of a sensitive client file, say the rebranding efforts of two companies planning on merging, residing outside of your organization, it would be your responsibility to notify the clients. However, with an FTP server, you’d have no leads to follow as to where the file went or who has it.

DEALING WITH MALICIOUS ACTIVITY

Again, no tool is perfect. But any file transfer tool you use needs file logging, activity alerts and encryption. Unlike the naked FTP server, our platform starts by encrypting your files during transit. After that, SmartFile really goes to work, tracking activity and importing into logs, monitoring users and sending out notifications when users take action.

The file analytics — which are available for our Enterprise clients — are displayed in an administrative dashboard that makes it easy to interpret data, called SmartStats. SmartStats analytics features let your agency team gain visibility into file and user activity that you wouldn’t have with an FTP server. You can build dashboards and interact with and manipulate data. If you’d like to see a demo of SmartStats, you can contact our sales team here.

Other FTP Risks

There are other risks that might be a little less apparent because they don’t center around the sending or receiving of files by agency employees. These are problems either the client or your agency’s IT department will have to deal with.

BLOCKED PORTS, DOMAIN AND IP ADDRESSES

When you land big fish clients, you also land their compliance departments. Big brands often block the common FTP ports (and the domains of file sharing tools as well) to prevent employees from accidentally or intentionally transferring files in an insecure manner. To avoid this, the IT department may block by IP, port or even domain.

That’s why most bigger clients will require you to use a tool that allows you to transfer files in other ways than just FTP (like your web browser). However, most agencies will need to keep their FTP functionality around because you have more than just that one client and each client has different needs.

The best way to handle every client is to try a tool that combines all the features needed when transferring files — the ease-of-use, the security features and the access.

In order to meet those rigorous compliance standards, some Fortune 500 companies may require that you host your file management tool on-site, with an on-prem device like SmartFile. It sits behind your firewall (using your IP) and uses your own domain (leaving no chance it gets blocked).

The beauty is that that it works like an advanced FTP server while also giving you a branded web portal so clients and employees alike don’t have to go to the trouble of downloading FTP client software. This way you only have to train everyone on one tool once and won’t waste hours doing other unnecessary setup.

Ultimately, you get a tool that allows alternative access methods to FTP as well, ensuring all your clients are happy and your account managers and creatives can learn one tool, not several. This eliminates these types of FTP risks.

LAG OR BANDWIDTH ISSUES

Considering the hits a viral video can get, many marketing agencies are serving up videos each day that have the potential to get accessed by hundreds of media outlets and casual users. This is what agencies dream of accomplishing for their clients, but how unfortunate would it be if you succeeded and your bandwidth couldn’t handle it? Bye, bye, virality.

If you’re dealing with that high of volume, you’re probably dealing with a major client that also blocks your ports or domains like we just focused on. What are you to do? Go hybrid. With SmartFile, you can still host it behind your firewall but push certain files to our cloud. You and your clients can access your creative materials without delay, while the media outlets can access the finalized version from our servers instead of your own.

FTP Was Great, But It’s Too Risky for Marketing Agencies

FTP was a great tool at one point for marketing agencies. However, as technology has evolved, basic FTP servers have become outdated and even risky for agencies to use. Those FTP risks make it an imperfect choice for sharing files with your clients. Marketing agencies need a full-fledged secure file management platform instead. SmartFile’s FTP alternative with various deployment options and ability to scale for any size agency makes it the perfect choice for creative teams working to make their clients stand out.

SmartFile is a business file mangement platform that gives you more control, compliance and security.

TO SIGN UP