File Sharing: A Potential Security Risk for Municipalities
The information contained in this article is not intended as legal advice and may no longer be accurate due to changes in the law. Consult NHMA's legal services or your municipal attorney.
Keeping government data secure is harder than ever before. The Pentagon reports 10 million probes and attacks on their systems daily. The State of Utah reports an average of 20 million a day. Mandates to use cloud services, and expanded use of mobile devices in the workplace improve productivity and reduce costs, but also increase the risk for data leaks.
Let’s discuss file sharing, since it is such a prominent part of every organization. The most common types of file sharing methods are done through email, the web, or a File Transfer Protocol (FTP). Sharing files internally or externally should be simple, but with so many unsafe habits and practices by individuals, it is putting your organization’s, and citizens’ privacy continuously at risk.
It is hard to believe, but on average over 2.5 quintillion bytes of data is produced in just one single day! It is extremely difficult for one person, or even a team of people to monitor these large amounts of data – even tools struggle to keep up. It is extremely difficult to monitor who sent what, and when and to whom, or to ensure that sensitive files are securely sent.
We know we shouldn’t share THIS type of data insecurely, but why do most still do it?
Information that is never okay to share insecurely includes passwords, social security numbers, medical information, credit card numbers, or anything similar. Even though this seems like it should be common sense, you would be surprised to know that people share this type of information all the time via email, text, etc. Sensitive information should always be shared securely, but do your employees know how to do that, and have you made secure sharing available to them?
Some organizations fail to provide policies or procedures for securely sharing documents, so employees will frequently take matters in to their own hands. They will use personal email, or free cloud storage services like personal Box, OneDrive, DropBox, or similar accounts to share info with others. You may not realize, but a whopping 84% of IT professionals report security problems caused by consumer file sync and share services used for transferring files. Employees are really not trying to do this maliciously; they are just trying to get their job done. However, personal file management software is a terrible solution because the information cannot be managed or protected. If an employee leaves, they still have access to everything in their account, and you do not. Additionally, you need to be able to monitor and manage the security and access. It is also important to note that sharing over FREE Wi-Fi is extremely unsecure, and should NEVER be done.
What can you do to combat unsecure file sharing?
There are solutions you can use to get ahead of the issue. Enforcing the use of software like OneDrive or Box for BUSINESS is a basic file sharing solution. These solutions enable you to centrally manage accounts, storage usage, and security settings. If you are already using the popular Microsoft Office 365 solution, you can add on Azure Rights Management for a minimal increase in cost. With this add on, you will get Information Rights Management capabilities, such as “Do Not Forward” and “Company Confidential,” as well as Office 365 Message Encryption, which allows you send encrypted emails to anyone!
For organizations seeking an Enterprise Level file sharing solution that makes sharing documents simple and secure, there are a growing number of solutions for you. Here are a few items you should consider when making your decision:
What data protection laws are you responsible to comply with?
Will the solution be appropriate for your needs?
Will the solution allow you to edit documents across multiple devices?
Choose a solution that will replicate desktop file structures, and allow you access whether you are on or offline. For security features, the solution should offer full encryption, policy based control of content, users, and devices, two factor authentication, and built in remote wipe at a minimum.
The list goes on, and can get a little technical. We have posted a FREE File Sync & Share Buyers Guide on our website
that provides all of this information and more at, rmonnetworks.com/FSSGuide.
Implementing Security for your Cloud Based File Sharing Storage Systems
As the online file-sharing solutions grow, so does the opportunity for users and hackers to damage your organizations data. You may think that your data in the cloud is secure, but you need to take security measures there as well. Just recently we dealt with a client that needed help because employees had been using their personal Dropbox account to share business files. This client contracted a ransomware virus. Since they were sharing access to these infected files, they kept passing the virus back and forth to each other and infecting their PCs as well. You must take extreme caution, because these viruses can then make their way across your network, and perhaps your entire organization.
Hopefully this article helps you understand the need for an enterprise level file sharing solution, and also the need to protect this cloud application, the same way you would protect your physical network. Having a cloud file sharing system is essential in this modern world, and so is protecting it. Research cloud app security for your cloud storage, and make sure you have anti-virus installed and running. And of course, never forget to back it up! Your back up is your insurance, should a disaster ever occur.
Tim Howard is the President and CEO of RMON Networks (www.rmonnetworks.com), a Managed IT Service Provider specializing in services for Municipalities. For free security tools, and educational information visit the resources section at www.rmonnetworks.com.