5 Things Hackers are Mortified You'll Learn About Secure File Sharing
by Shirish Phatak on September 1, 2016
The year 2013 wasn't pretty. Aided by the massive Target breach, almost 49,000 separate records were stolen during this 12-month period. 2014 was no better; dubbed "The Year of the Data Breach" with no affection at all. 2015 was even worse. It saw double the number of breaches as 2014 within just the first eight months. Though not nearly over yet (the humiliating Sony breach happened as the final curtains were drawn on 2014), 2016 stands to outdo both previous years.
2015 closed out with over 121 million records stolen, 99.9 percent of which were external hacking jobs (as opposed to an insider job). Clearly, hacks are on the rise. This has sparked much debate in the IT security industry, with some experts calling for new tools and security solutions, others claiming it's time to toss in the towel on hack prevention and focus instead on incident response: what to do once a breach occurs.
On the sidelines, watching with curious interest, are all the non-techies: the business people who simply need to do their jobs and need solid tools to do those jobs as safely, quickly, and efficiently as possible. What about those people?
Secure file sharing is one such tool. It's essential for business people to be able to share files securely and conveniently with coworkers, business partners, customers, remote workers, etc. But too often, the company turns to insecure tools and sharing solutions based in the public cloud, where sensitive customer information and intellectual properties and secrets are there for the pickings. Hackers don't want you to know how easy it is for them to break into these consumer-grade sharing tools, and neither do the companies that earn millions selling ads to support those public offerings. Here's what hackers are afraid you'll learn about secure file sharing.
1. There IS a Difference in Enterprise-Grade Secure File Sharing Tools
Not sure if there's really a difference between the freebie consumer-grade sharing tools and enterprise-class secure file sharing? Hackers hope you never find out.
Enterprise-class secure file sharing tools are not the same animals as freebie public cloud solutions. These are well-developed, well-tested products that developers take tremendous pride in and continually work toward identifying and closing security vulnerabilities before those vulnerabilities are found and exploited by the bad guys. These products offer features like user access levels, which allow you to designate the level of access given to any particular user or employee.
For example, you can designate an access level to your suppliers that allows them to see only the data relative to their accounts with your company, or you can designate that a manager is able to see all the data relative to his/her department or purview. Don't be fooled into thinking that a free file sharing tool is the same as an enterprise-grade secure file sharing solution.
2. Not All Data is Equal in Value
It's our nature to gasp and cry when we hear the term "data breach". But not all data is the same, hence, not all breaches are equally squeal-inducing. For instance, if an amateur hacker manages to hack into your website and posts an unflattering picture of a presidential candidate for a couple of hours, this is embarrassing and likely costs you a few sales in the meantime, but it isn't devastating in the way that a large, sophisticated hack making off with thousands of your records would be.
Make it clear to your workers the actual value of data. Reflect this in their user access levels. Stress it in managers' meetings. Data that is of high value on the black market (like social security numbers) shouldn't be held to the same standards as a simple list of your customers' names with no other identifying information. Similarly, data should be handled by your secure file sharing solution according to its value, not just the fact that it's "data" or even "customer data".
3. Intellectual Property is as Valuable as Personally Identifying Information
Your intellectual property can be as valuable in the wrong hands as consumer information and other data used for identity theft and consumer fraud.
While you're assigning value to data, be sure that your intellectual property and proprietary secrets are assigned a high level of value and security. Though damaging in a much different way than personally identifying information on your customers, it is definitely damaging. When your workers are sharing things like files containing your most recent financial forecasts or the plans of your top secret products in the development process, they need to be using the highest possible security. That means sharing via your enterprise-grade secure file sharing solution, not via email or through a social network.
Email was not designed to be a secure sharing solution from its onset. All of the security features our current email systems lay claim to are tack-on solutions that are makeshift at best. While email is exceptionally handy for sending out an interoffice memo on your new parking deck arrangement, it's wholly insufficient for communicating things like consumer data, HIPAA-regulated information, and proprietary secrets.
4. Trained Workers Really Do Make a Difference
Workers who know what data is most valuable and protected, how to use (and not use) email safely, and how to get the most out of their secure file sharing solution are the least likely to let in an attacker. The majority of hack attacks and data breaches occur when an unsuspecting, untrained, or distracted worker opens the wrong email, answers a phishing scam, or visits an infected website. These are the means by which hackers sneak through malware.
Though the malware introduced by these means often looks like low-level stuff, the malware is a springboard by which the hacker gains deeper access into systems and databases. Careful assessment of suspicious emails and websites is the only way to assure that whatever sneaks by your antivirus software and email filters doesn't make its way into your systems. Hackers just hate it when people know better than to fall for their tricks.
5. Minimum Compliance With Regulations Isn't Maximum Protection
Businesses often assume that regulations like the HIPAA, FCRA, ECPA, and other data privacy laws and regulations are all it takes to be secure. Nothing could be further from the truth. The fact is, these laws and regulations are meant to represent the bare minimum of data protection. Businesses should consider these to be a starting point for security, building a comprehensive and up-to-date, multi-tiered security solution on top of those bare basics. A secure file sharing solution is an important layer of protection that can keep hackers out of your valuable data as it is in transit.
Want to learn more about things hackers hope you never learn about secure file sharing? Watch the Talon FAST™ video now.