Compliance and File Transfer: 3 Pitfalls to Avoid

File transfers aren’t always what they seem. In a corporate environment, what may look like a secure way to send a file to someone else – whether internally or to a third party – often isn’t.

And for firms subject to compliance dictates, failing to hold file transfers to the highest standard could be bad for business.

Thankfully, some of the most common file transfer pitfalls are easy to identify. Here are three you’ve likely seen around the office, although you may not have been aware of their consequences.

1. Reliance on consumer file sharing apps
Applications like DropBox and SugarSync are popular because they remove a lot of the hassle from sharing files with individuals and groups.

Unfortunately for business users, these apps are consumer-grade solutions that should never be used to transfer sensitive company data. Why not? Because when individual users start uploading business documents to their file sharing accounts, IT can’t manage the content those users share; that’s bad because many organizations require IT to manage business data for legal or regulatory reasons.

As soon as it’s time for an audit or e-discovery exercise, IT won’t be able to find the files hanging out in users’ DropBox folders – a huge compliance problem that everyone would prefer to avoid. What’s more, recent data breaches of popular file sharing applications suggest that the level of encryption those services employ isn’t sufficient for transferring business data.

How much unauthorized data exposure is your organization willing to tolerate? If the answer is none, it’s probably time to do something about employee use of file sharing apps.

2. Putting trust in FTP systems
What about FTP? Surely that’s more secure than consumer file sharing applications. After all, enterprise has been using FTP for many years to transfer files. What could possibly go wrong?

While FTP certainly has its advantages, it also has one glaring problem that introduces serious compliance risks when using it as a file transfer solution: files often sit on FTP servers for years, which opens the floodgates to data breaches from inside and outside the organization.

FTP, simply put, is legacy technology when it comes to file transfers. It doesn’t employ modern encryption protocols and can’t be trusted with confidential or regulated information.

3. Using email for file transfers
Every time you attach a file to an email, you’re performing a file transfer.

That’s not necessarily a bad thing either. Attaching files to emails is a great way to share photos, personal documents, and virtually anything else not subject to regulation. But business data often is subject to regulation, and transferring sensitive files via unencrypted email services introduces many of the same security risks we see with FTP and consumer file sharing apps.

Email is also totally unmanaged. Not only can IT not see who’s sending what to whom, but even senders themselves receive no confirmation that the intended recipients obtained the transferred files.

Context is everything – and email, FTP, and consumer file sharing apps are excellent tools in their appropriate contexts. They just don’t make the cut for organizations whose credibility and continued relevance depend on staying compliant.

What’s the solution? A managed file transfer application built to secure your data and maintain compliance. It can help you avoid these common security pitfalls, put IT in control, and bring order to a system composed of disparate file transfer solutions that lack corporate oversight.

Your data will be safe – finally. And you’ll be ready for that next legal audit.

Share this post:

Leave a Reply

Your email address will not be published. Required fields are marked *