Secure file transfers: efficiency without threat

March 2023  |  FEATURE | DATA PRIVACY

Financier Worldwide Magazine

March 2023 Issue

Though it has become cliché to say that ‘data is the new oil’, the importance of data to the global economy cannot be overstated. Companies generate and store huge quantities of data, as well as regularly exchange it internally and externally, domestically and internationally. As more processes become digitalised, file transfers are increasingly common.

But if these data transfers are unsecure – such as via unencrypted email or cloud-based services, for example – it may expose companies to severe risks, especially if they contain sensitive, proprietary or classified information.

The widespread adoption of instant messaging and collaboration tools, as well as cloud-based file-sharing and a tendency to use personal devices for work tasks, has made the process of sharing data easier. This trend accelerated during the coronavirus (COVID-19) pandemic, which caused a significant shift to remote working. At the same time, however, it has also made data sharing more unsafe.

Unsecure file transfer methods can open companies to potential exploitation by malicious actors. Cyber criminals are becoming increasingly bold in their tactics. Data theft or malware attacks can cause reputational and financial damage that is difficult to repair.

Thus, it is imperative that companies know how to apply secure and efficient data practices without affecting the efficiency of their business. They need to put in place the right security measures to protect the safety and integrity of their data, to reduce breaches. This also helps companies meet their regulatory compliance requirements, such as those under the European Union (EU) General Data Protection Regulation (GDPR), among others.

Protocols

Data transfer solutions are central to compliance efforts as they provide security monitoring and controls, auditing and reporting capabilities, and more. Beyond standard best practices such as firewalling remote access, using strong passwords and multifactor authentication, and encrypting files, the market is full of enterprise-grade tools and products for companies to share files both internally and with third parties.

The human factor is a significant aspect of cyber security, and companies need to drive behavioural change to reduce cyber risks.

Most secure file sharing methods use standard protocols that provide encrypted file transfer. A number of different options are available.

For example, secure file transfer protocols (SFTPs) transfer files using a secure shell (SSH) connection. File transfer protocol over SSL/TLS (FTPS) offers encryption and uses an application layer wrapper, known as a secure sockets layer (SSL) to provide secure and private communications across a network.

Hypertext transfer protocol secure (HTTPS) helps to shield websites when users are providing sensitive information like credit card numbers or other personal information, offering multiple layers of data protection including data integrity, encryption and authentication.

Applicability statement 2 (AS2) is a standard used to transfer electronic data interchange (EDI) messages and other data in real time, facilitating the ability to exchange AS2 EDI messages and other types of data over the HTTP or HTTPS protocol.

Awareness

Other practical steps can ensure that companies conduct their data transfers safely. Perhaps most importantly, companies should conduct regular training exercises to educate their employees about the potential security risks associated with file transfers.

Lack of knowledge and awareness is a problem. According to Cyber Security Hub, 30 percent of cyber security practitioners say the most dangerous threat at their organisation is a lack of cyber security expertise.

Many companies do not have a standard secure file transfer method, so users are left to source one for themselves. Major risks arise from employees using unsecure data transfer practices without understanding the underlying vulnerabilities – especially when using unfamiliar software, emailing suspicious attachments or downloading files from file transfer protocol (FTP) sites. Employees simply may not know that more secure data transfer services exist.

Creating a work environment where employees fully understand data transfer practices will go a long way toward mitigating risks. The human factor is a significant aspect of cyber security, and companies need to drive behavioural change to reduce cyber risks. This may involve developing alternative processes and incentivising employees to think and act differently about file transfers.

Action

File transfers are central to business operations, and this will only intensify as more processes become digitalised. If companies fail to adequately protect their data amid growing threats, including malware, data theft and account compromise, they may face significant financial and reputational consequences.

To that end, when conducting file transfers, data should be encrypted and employees should be given the tools and awareness necessary to protect the business and its customers from the unwanted fallout of lost or compromised data.

© Financier Worldwide

BY

Richard Summerfield

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.