All you need to know about file sharing for business, from transfer methods to strategies and tools for staying safe and secure
By now, most businesses have ditched paper in favor of digital files, making the most of paperless storage and more efficient workflows. However, file sharing has its downsides: it can be easy to get lost in multiple document versions, while security measures are often less than ideal, potentially putting sensitive data at risk.
In this article, we will look at how to ensure file sharing balances safety with ease of use to increase efficiency among the modern workforce.
A growing trend has emerged over recent years as millenials have shifted the expectations of what a workplace should be. Even before Covid-19, an estimated 43% of American employees work remotely on a regular basis.
Due to the enforced home working caused by the Covid-19 pandemic, the remote workplace has rapidly become essential for businesses to continue functioning effectively. In many cases this has demonstrated the viability of remote working becoming universally implemented, shifting perceptions of what it means to operate in a modern workplace.
One of the main reasons for such a seismic transition being so effective is the level of technology available to facilitate these changes. Video conferencing and file sharing mean that real-time discussions can be held regardless of who is physically in the office, reducing costs for the business and giving staff more freedom to sculpt their work/life balance, leading to improved wellbeing and productivity.
However, rapid change can often result in new or increased security risks. For example, there is a much greater chance of files being accessed on unsecured personal devices or devices being lost or stolen. Both could result in a data breach, damaging a company’s relationships with customers and partners.
Physical drives may be a good option for large files, but the offline process of transferring them can only be completed on one device at a time and the USB device holds no record of which devices the data has been transferred to. The physical storage option also presents another risk - that the device itself could be misplaced, stolen, or damaged, making the data irretrievable.
It can also be an expensive mistake to make. In 2018, Heathrow Airport in the UK was fined £120,000 after a member of the public found a misplaced USB stick containing sensitive information.
In its most simple form, email attachments are a form of file sharing. There are often file size limits which can make this method inefficient. Worse still, if a document is being shared, multiple threads containing different versions of the same documents could lead to confusion and the misplacing of files.
File transfer protocol (FTP) is a simple and effective way to transfer large files, such as archives. However, it is not very dynamic and not suitable for managing collaborative documents.
Peer to peer (P2P) file-sharing may still maintain a shady reputation due to its links with music piracy, but the format is actually a very secure method of sharing private files within a group. Rather than use a central server, P2P file transfers are shared among the network connections of a small group. This keeps files private, but can often be slow and also not useful for collaborative projects.
Cloud services host the files on a central repository from which other users can access them. While they are hosted by a third party, access permissions can be controlled to keep documents protected.
Third-party hosting allows for much more than storage and ease of access. By hosting a project’s documents centrally, multiple users can work in the same file simultaneously. This type of shared access means that genuine collaboration is possible from a range of devices and remote locations.
While email attachments and USB storage have been the norm for many years, the digital transformation of workplaces has highlighted the flaws of these file sharing methods. Cloud-based services and project management platforms help to address these challenges. These file-sharing tools help to improve security and productivity, with many providing useful features such as:
While mobile working is popular, one of the major concerns that have made businesses wary about its wider use is the restrictions on efficient communication, making delivering projects especially difficult. While real-time collaboration is vital to the success of a project, an efficient file sharing system can bridge the physical gap, enabling campaigns with multiple stakeholders to be run effectively.
Operating file-sharing provides security benefits over the alternative of sending documents back and forth via email. Holding a central version means that documents cannot be accidentally erased or lost. Varying access levels give control over who is able to see or interact with any given files and encryption can protect sensitive documents from being intercepted.
A cloud-based file sharing platform will help to manage thousands of disparate files, keeping them organized in central locations, automatically creating backups and revisions of documents should anything need to be rolled back to an earlier version. This means that every stakeholder has access to the latest version of the files regardless of where they are or which device they are using.
Despite the many benefits of secure file sharing for business, sharing data and files online always comes with some potential risks. For this reason, file-sharing tools should not be used in isolation and should be integrated into an existing holistic security strategy.
A virtual private network (VPN) has long been a recommended security measure for protecting business data. With files being accessed outside the traditional physical office more than ever, a VPN is now essential for protecting files from being intercepted when accessed on public or unsecured networks.
Simply, a VPN operates like a tunnel by encrypting and concealing the data being transferred. This means that third parties are not likely to intercept data and even if they do, it would be encrypted and unusable.
Setting up an office VPN for users working remotely will ensure that files can be securely shared between virtual office spaces. This can be used in addition to any end-to-end encryption offered by your file-sharing services, adding another layer of security to shared files.
A staple security mantra is that strong passwords are essential to effective security. This remains true but it is hard to police, especially if staff are working from personal devices. The sheer number of passwords that need to be remembered can lead to users opting for convenience over security and using simplified passwords, or repeating them across accounts.
This can easily be avoided by providing a password manager tool. These tools will remember all of a user’s passwords, meaning they only have to remember one for the manager tool. With a business account, you can also set permissions for shared passwords. Better still, many password managers will automatically generate new, secure passwords making it easier for users to remain secure on any device.
2-factor authentication (2-FA) is a useful tool for ensuring that access to data remains protected as users are required to verify their identity by another means beyond a simple password. For example, a user would be required to provide a unique code alongside a username and password to log into a shared network. This code could be sent to a separate mobile device or email account meaning that even if the password were to be acquired by cybercriminals, they would still not be able to gain access to the network.
Multi-factor authentication follows the same principle as 2-FA but could include additional authorization steps. This could be in the form of a pin number or a biometric identifier, such as fingerprint or facial recognition.
Further reading: How to use multi-factor authentication for safer apps
A simple, but often overlooked measure is to regularly assess and update access permissions for files and folders. Users should only have access to the files required for them to do their jobs. This can be split by department, seniority, or individually. By restricting permissions, the chances of files being accessed illegally are immediately reduced simply by having fewer accounts able to view them.
This is not a single-time task and should become a habit as part of seasonal security processes. Staff turnover and changes in campaign plans are just two of the reasons why permissions may need revising or revoking.
As important as monitoring the people who have access to files is monitoring the files themselves. Files that are outdated or unused should be removed as a precaution. This not only saves bandwidth but also ensures that the only files that are available to share are those that are actively required for staff to do their jobs.
While there are numerous ways to better protect files with security software, human error remains the most common cause of a data breach. While some breaches could be malicious, the majority of human errors are likely due to a lack of awareness or training around best practices. This is especially true with unfamiliar software.
From making copies of files and changing access permissions to sharing passwords across accounts, providing sufficient training for staff is a crucial step in ensuring sharing business files online remains secure.
Ultimately, establishing secure file sharing within a business should be integrated as part of the existing cyber protection policy, allowing the tools to operate holistically rather than as standalone applications. Cloud file sharing is the most effective solution for collaborative working, but it is important that the chosen client’s service matches the day-to-day and security requirements of your business.
Unsure which antivirus product is right for your business? Check out the Avast Business Help Me Choose tool to find the best protection for your network and endpoints.
How SMBs can keep data and devices protected - no matter where work is being done.
How organizations can become more cyber resilient, and how they can fix blind spots in their cybersecurity strategy.