Practice Safer File Sharing

Online file-sharing services such as SharePoint/OneDrive, Dropbox, Box and Google Drive make it easy for team members to share documents, videos and other digital media necessary to keep important projects on track. Unfortunately, these services also heighten the risk of data loss and compliance violations.

• Unapproved file-sharing services are frequent sources of data leakage. Sixty percent of users surveyed by the Ponemon Institute admit they have often inadvertently forwarded files to people who were not authorized to see them.

• Threat actors target file-sharing providers to steal sensitive data. For example, hackers breached the Accellion service in 2021 and stole Social Security numbers, medical records, financial records and other sensitive data from approximately 300 organizations worldwide.

• Many services use encryption to protect their users’ data, but they hold the encryption keys. If the provider’s system is compromised, hackers can access the decryption keys and steal your data.

• Few of the free or low-cost file-sharing services have adequate tracking capabilities, making it difficult to know who is accessing your files.

• Malicious actors also use these services for phishing campaigns, sending legitimate-looking notifications that a document or picture has been shared in an attempt to get victims to enter login credentials on a fake sign-in page. 

The easiest way to mitigate these risks is by using only company-approved services. NetAscendant recommends the use of SharePoint/OneDrive for its customers and ensures that the environment is well secured, actively managed, and backed up. When effectively managed, more control is exercised over what files are shared and who is authorized to access them. Additionally, other security improvements can be implemented such as encryption, authentication, monitoring, auditing, policy management, electronic document signing and customizable storage configurations.