Secure file transfer is a buzzword. Today, most IT professionals interpret it in many ways, ranging from “encrypted file sharing” to “confidential information transfers.” Despite the nuances of defining this term, several common misconceptions still exist in the industry. Here are six myths about secure file transfer that need to be dispelled.
1. Every business-grade file sharing platform is secure
Just because a file sharing platform is labeled as business-grade doesn’t mean that it’s a great fit for your enterprise. Some business-grade solutions don’t include key administrative features such as activity monitoring and granular user permissions.
Beware of terminology: business-grade and enterprise-grade are two different things. Enterprise-grade typically is more robust, products such as SmartFile include features compliant with HIPAA regulations that healthcare organizations and contractors need.
2. All encryption is created equal
Encryption comes in many different forms. Today, most secure file transfer services boast encryption. However, even if the encryption is AES (the highest quality available on the market), many services only offer in-transit encryption.
True security isn’t just encrypting a message from Point A to Point B. Especially for on-premises products, encryption should include encryption in transit and at rest. In the case of a data breach or hacker, the compromised files will most likely be at rest, and thus needing encryption. If the box is accessed, the data is essentially unusable.
3. I only need secure file transfer if I deal with sensitive data
Whether it’s personally identifiable information (PII), intellectual property, or company documents, the competitive environment of today’s world has called for increased information security. It’s not only regulated industries like hospitals or banks who need to protect their information.
Contracting with healthcare providers requires HIPAA compliance, and any PII should be protected. However, not all companies are operating in such a fashion.
4. I know all the programs my employee use to send information
Shadow IT is a real problem. IT departments said in a survey they expected the number of cloud services used by employees to be (average) 51. The actual answer was 730 — 15x more than expected.
This stat shows how great the disconnect is between IT, management and employees on file storage and transfer. If IT can’t track where employees are storing files and who is accessing those files, then they have no hope of identifying or containing a data breach.
You can’t ask your team members to simply not use tools that make their lives easier. There are way too many benefits for them not to seek one out. So you’ll want to give them all access to specific, sanctioned online tools that will work in your favor.
5. Email is just as secure
No, email is not secure. Sure you can go ahead and use it for company communication but if you are sending financial attachments or other sensitive documents, a secure file transfer platform is a better bet. With the prevalence of data breaches and 29% caused by human error, email is a loose thread in your security protocol. Most email is unencrypted, meaning hackers can intercept your information freely.
“Email, by its very nature, is unsecure: 99.9% of it is sent unencrypted. If it was invented today no one would use it. Emailing unencrypted documents ‘in the clear’ creates a potential chain of issues.”
6. I don’t need a file transfer policy for my employees
Every company needs a file transfer policy. Employees should not be making subjective judgment calls on whether or not their communication includes sensitive information. The average enterprise uses 76 distinct file sharing cloud services.
With all the applications and software being used—many of which are brought in by employees but never approved by administration—it is imperative that your organization has a policy. What tools are permitted for employees? Are there client documents that should never be sent using specific, low-security platforms? Most employees won’t be asking these questions. It’s up to administration and management to set these expectations.
Once you’ve set the expectations, acknowledge that employees may not follow the policy. It’s up to you to educate employees on the well-founded reasons for your policy and give employees the tools to follow policy. One of these tools is an enterprise-grade secure file transfer platform.
If you are unsure where to start, we can help. Give us a call and we’d be happy to help determine the policy and solution that is best for your organization. Whether it’s as simple as a cloud solution, or as robust as on-prem we have the answer.