CIO Influence
Guest Authors Information Management InfoSec

External File Transfers – Do They Need to Be Risky Business?

External File Transfers – Do They Need to Be Risky Business?

We all know that 2020 was the year where everyone, every business, every institution had to adapt. The pandemic spurred on digital transformations, which lead to a radical change in where we store our data and how we access it- this often being synonymous with using Cloud services. 2021 was no different either!

And for the financial service industry (perhaps more than any other sector), this posed some clear security issues. While this sector may be used to making considerations for cyber security due to the sensitive nature of the data in their possession, the Info Security Group found that 70% of financial services firms were successfully attacked over the past year, blaming Covid-related conditions.

Paradoxically, the speed of these changes means that IT administrators are aware of the security risks, particularly around ransomware. Helped by some recent high-profile cases in the media, best practices have made their way into the minds of IT staff; the importance of protecting their cloud data, regularly testing backups, and more broadly, having a solid disaster recovery plan in place.

However, this has led to the seemingly benign and unsophisticated functions to go under-scrutinized: namely, sharing of data. In a sector increasingly intertwined in enormous amounts of data that is particularly sensitive and confidential, financial institutions need to ensure security standards nurture a level of trust with their customers and clients. Beyond the need to protect valuable data, need to abide by global standards such as GDPR and ensure that data is shared in a controlled manner. Email attachments, Mobile Banking apps, public cloud storage, all contributed to making it more complicated for IT teams to track and control what is being shared and when. 

This is where it becomes essential to move to a modern file transfer solution, which allows combining more convenience with added security for all parties involved.

 So, what should an IT administrator be looking for in a modern and solid file transfer solution in 2022?

 Encryption

This is an absolute must-have, with preferably a military-grade encryption level, typically AES-265, to ensure files cannot be read if the storage is ever breached. A robust solution does not leave weaknesses in the overall design: the strongest possible encryption is a waste of time if the user chose an encryption key easily guessable. Modern solutions, such as Synology’s C2 Transfer add extra security layers by calculating encryption based on the email of the sender, helping add additional complexity.

Recommended IT News: Elastic Announces Streamlined Data Integrations to Enhance Cloud Search Experiences

 Identity check

When sharing confidential files, there is always a risk that the link is intercepted, possibly sent to the wrong email for example. It is therefore essential that the solution “checks” that the person looking to access the link is authorized. To ensure this vital check does not come at the expense of the user experience, a unique One-Time-Password can ensure research files do not end up in the wrong hands.

Controlling Who Shares What

The minute we give staff the possibility to share data, we should expect that the wrong data will be shared with the wrong person. It is therefore essential that users can restrict file access. Ensure the file transfer solution allows to control the number of downloads allowed, ideally a simple option to “download only once” will mean that after the intended person accesses the data, the link will expire. If an entire team of researchers needs to access the data, then it is vital users can set expiry dates after the link is inactive.

 As essential as these features are, IT administrators cannot solely rely on the goodwill of users. This is where policies become useful, as they allow you to enforce that “whoever shares a file must set a number of downloads” or alternatively, “must set an expiry date”. Whatever the size of the organization, you will want to set boundaries for more junior users, and give more flexibility to senior members, it is, therefore, good to see if the solution entails groups and policies. 

Solid Infrastructure & Fast Transfers

Whilst this may sound more like a pure sales feature, it is vital that staff adopt your file transfer solution. Beyond a well-designed interface, the speed of upload and time for the receiving party to download and access are absolutely critical to that adoption. What is the risk of going for a cheaper provider, who may have limited servers throughout the world and therefore slower speeds: users will revert to file transfer apps they may use personally, but not integrated into the company’s infrastructure, and over which you have no control or visibility, potentially open to being hacked and your data being leaked.

 This brings us to a last important consideration: a modern file transfer solution needs to integrate with the rest of the business’ setup. Whilst convenience can directly benefit, more prosaically, tying the file transfer platform into the same account system will mean a lower risk of breach. 

IT and Networking News: Cigniti Enhances its 5G Assurance Focus With innovate5G Partnership

So, to all IT administrators in financial institutions, in this fast-evolving environment, it is imperative to anticipate the coming challenges, and ensure that you can not only recover swiftly from security breach but avoid the breach altogether by ensuring users are interacting and sharing data on a modern and secure file transfer platform.

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Transform Your Business: Why AI Adoption is the Key to Your Business Growth and Prosperity

James Barlow

Working to Build a Better Connected, More Intelligent Ecosystem in South Africa

Sphumelele Ndlovu

Application Security Can Actually be Simple — Here’s How

Caroline Wong

Leave a Comment