5 Major Goofs That Can Derail Your Secure File Sharing Plans
by Michael Fiorenza on March 11, 2016
Secure file sharing is the ability to communicate and collaborate without the risk of outsiders or unauthorized persons accessing your sensitive data. Enabled by the cloud, it uses strong encryption techniques to keep outsiders out while making access to authorized users easy, fast, and efficient. When done right, it allows your workforce to be incredibly productive, while keeping IT infrastructure and staff at a minimum. But even the best systems are subject to mistakes and human errors that can undo all of the security that the technology has created. Here are the top goofs that derail the most secure of file sharing plans.
1. Insecure Passwords
Long, complex passwords that aren't based on easily found or guessed information make it far harder to engineer a password to break into the file system.
No system is any more secure than its weakest password. There are multiple ways that hackers or intruders can get their hands on weak passwords. They can outright steal passwords (from a lost mobile device or from a sticky note on the worker's desk). They can use social engineering to guess a password based on the user's dog's name or spouse's birthday. Or, they can use algorithms to cycle through all the possibilities until they hit on the right one. Passwords need to be:
• Random -- not based on real words or common combinations (like 8675309)
• Long -- even with advanced algorithms, it's far harder and takes longer to land on a 10- to 16-character password than it does a 4- to 8-character password
• Varied -- using a combination of letters, digits, and characters, including both upper and lower case letters
2. Sharing Passwords
Unauthorized entry to systems is often gained by hacking into a low-level user's account and then "leveling up" to higher levels of access. That means it's critical that people do not share passwords, either inside the organization or outside. For example, the admin who shares their password with a user to do something their access level won't allow, or an employee sharing their password with a vendor who doesn't have their own access code -- these are the makings of a massive data breach.
3. Keeping the Same Passwords Indefinitely
Creating new passwords frequently assures that even if a password is guessed, engineered, or stolen, it doesn't do the intruder much good for long. Some systems require users to change passwords every week or once every 30 days. This greatly reduces the chances of having the account hacked.
4. Insider Threats
Insider threats include intentional acts by employees, as well as accidents that happen when users don't understand proper security protocol.
Insider threats come in two flavors: intentional with a side of malice and unintentional topped with ignorance. Both are dangerous. You can help thwart the first with careful HR practices and solid management. You can help deter the second with good training programs, empowering the teams with secure file sharing tools, and instituting policies to govern the use of those tools.
5. Outsiders (Vendors, Partners, Customers)
This is an extension of the insider threat -- outsiders who have legitimate access to your systems. Do your vendors use the same rigorous hiring practices and employ the same ongoing training that your company does? Administrators can often set up limited-time and restricted-access to your databases and files, so that if an account or password is mishandled, IT can limit the damages done.
Being aware of the potential for problems is the first step to making sure the goofs don't actually happen. Are you ready to see what a smart, secure file sharing system can do for you? Click here to view our customer success stories.