File Sharing Risks (and the Best and Worst Practices)

File sharing, whether it’s a photo, email or text, has become a necessary part of business. But some file sharing methods can be downright dangerous, leading to identity theft or other cyber security risks.

Here at Convergence Networks, we have noticed that many small and medium size businesses don’t have a strong policy and procedure about file sharing. Sometimes staff go outside established safe processes to get around obstacles to business. So the trick is to recognize and teach staff the good, the bad and the ugly aspects of file sharing.

File Sharing Can Be Dangerous

There are three predominant ways that sharing files can hurt your business:

  • Malware, including viruses, worms, ransomware can get into your network and then can quickly spread.
  • Sensitive or proprietary data can be inadvertently sent to the wrong recipient or “live” outside your organization’s data protection as in a “temporary” share folder  that is never deleted.
  • A back door is opened when a file is shared outside approved channels in your network bypassing firewalls or other protections.

Bad Types of File Sharing

By now, most users know that sharing a file by email or by a file sharing application either through a cloud or peer to peer (P2P) applications is really insecure. 

  • Emails: It takes a very small typo in an email address for an attached file to go to a complete and possibly dangerous stranger. If you’ve ever tried to retrieve an email, you know it’s virtually impossible, especially at the high upload speeds available today. One answer to this type of threat is to send a link to a password-protected email, but even that is not perfect.
  • P2P networking (e.g.,  BitTorrent, Gnutella, eDonkey, eMule): Cybercriminals love these peer to peer (P2P) networks because they are easy targets. They open a  backdoor to networks that allows the spread of malware among files. Like emails, users could accidentally share folders and leak sensitive data, or even acquire media illegally.
  • File sharing applications: There is even the possibility that reputable cloud file sharing applications (e.g., Box, Dropbox, OneDrive, etc.) have some risks including different versions of the same file floating around or the same information being stored in different cloud systems. 

Good Types of File Sharing

The best and most secure file sharing systems are the ones that are part of your overall IT infrastructure. They are protected with the permissions and cyber security measures put in place for your business. Using a secure collaboration platform such as Microsoft Office 365 can accomplish that. 

Your IT plan should include a method for sending and receiving very large files or other file types that might be normally blocked by your network. Many networks limit the size of files or photos that can be sent giving frustrated staff reasons to come up with something on their own. What you then end up with is a series of “shadow IT”  practices that put your business at risk.

If it’s necessary to use a  file sharing service, make sure to use one with 256-bit AES encryption over SSL including One Drive, SharePoint, Egnyte, ShareFile or SugarSync. And read the user agreement carefully. 

Most importantly in these file sharing options is that there is only one encrypted document or file which is  shared with whomever needs it — a team, department, customers — all authorized to access that file. There should be no duplicates or versions to confuse participants. Whenever an addition, correction or deletion is made, it is made in just one file so that everyone is literally working on the same page

This co-authoring approach enables team members to work in real time anywhere in the world while having complete visibility and control over the changes being made. It also allows the team creator to assign tasks to team members and create workflows.

Get Started With File Sharing 

File sharing can be safe. But before selecting a platform for file sharing, create a file name convention of how every file name should be structured within your organization: department, subject, date, etc. based on your company’s structure or preferences.

Team members need to know why this change to file sharing is happening and the resulting benefits to them. They are:

  • Consistency in file names.
  • The ability to easily find information.
  • Enhanced teamwork by establishing standards that benefit all. 
  • Easier file management from an administrator’s perspective. 
  • Improved readability of company files.

When you keep the file structure of the convention consistent and simple, it makes it second nature to follow so there is no confusion or redundancy.

File Sharing Tips and Best Practices

Other tips for setting up your file sharing are:

  • Folders should be set up ONLY by admins.
  • Templates for departments and subfolders should be created to keep things consistent throughout your departments.
  • The individual departments should set up the folder structure and make them top-level folders. 
  • Subfolder levels should be  small (no more than five), so that information is not buried too deep.
  • Sharing should be done with groups of people or by department,  not with individual users.
  • Different access options like “view only,” “contributor,” “author,”  etc. should be created to share as much information with your team as possible, without fear of files getting accidentally moved, edited or deleted. 
  • Decide who should have access: just your organization or others outside of your organization? Set permissions accordingly and audit them regularly, always maintaining consistency in them.
  • Set up alert notifications for highly sensitive and critical information.
  • Use hyperlinks or shortcuts when a file needs to be in more than one department to prevent duplicate versions.
  • Assign one person in each department to oversee all of the data and to audit it on a regular basis.
  • If you need to share a file, share a protected link, not the attachments; that way your data stays safe within your organization.

When all is said and done, make sure you are comfortable with managing your company data. If not, or you’re not sure, contact us.

Contact Our CLIENT
Support Team
Get connected With
Remote Access

To connect, please enter the 6-digit code given to you by your Network Administrator: