Everyone shares files whether it’s a photo, an email or a message to someone we know. But the way those files are shared can literally give hackers the key to all your other data. It’s very easy these days to inadvertently share a file in a way that opens up a back door to all your files. But file sharing is a necessary part of doing business, so how can you do so safely? 

As a managed service provider, we see many small and medium size businesses that don’t have a strong policy and procedure around file sharing. Or they have shadow IT risks, where staff go outside those safe processes to get around obstacles to business. Here are some file sharing best practices to guide you. 

How Can File Sharing Be Dangerous?

There are three main ways that sharing files can harm your business:

1. The file becomes corrupted with malware, including viruses, worms, ransomware and more. Once that file is on your network, that malware can quickly spread.
   
2. The file contains sensitive or proprietary data and ends up either being sent to the wrong person or living outside your organization’s data protection (e.g., a “temporary” share that is never deleted from the file sharing service or backed up within that service and therefore lingers).
   
3. Sharing the file outside approved channels “opens the gate” to your network by bypassing firewalls or other protections.

Bad Types of File Sharing

We all know that you can share a file by email, by a file sharing application in a cloud or peer to peer (P2P) network sharing. None of them is really secure. 

• Emailing: The problem with attaching files to an email is that all it takes is a typo for your business data to be in the hands of a complete stranger. Emails are almost impossible to retrieve once they are sent, so just get out of the habit of attaching files to emails. Sending a link to a password-protected file is better but not perfect.
• P2P networking (e.g., BitTorrent, eMule): Peer to peer (P2P) networking is an easy target for cybercriminals. It opens a backdoor to networks and allows the spread of malware among files. Users could accidentally share folders and leak sensitive data, or even acquire media illegally.
• File sharing applications (e.g., Box, Dropbox): Even secure cloud file sharing applications have some risks including different versions of the same file floating around or the same information being stored in different cloud systems. 

Good Types of File Sharing

The most secure file sharing system is the one that is part of your overall IT infrastructure and protected with the permissions and cyber security measures put in place for your business. Using a secure collaboration platform such as Microsoft Office 365 can accomplish that. 

Make sure your IT plan includes a method for sending and receiving very large files or other file types that might be normally blocked by your network. If you don’t put a solution in place, people tend to come up with one on their own and you end up with a series of shadow IT practices that put your business at risk.

If you do need to use a file sharing service, make sure to use one with 256-bit AES encryption over SSL including One Drive, SharePoint, Egnyte, ShareFile or SugarSync. Make sure to read the user agreement carefully. 

The most important thing about these file sharing options is that there is only one encrypted document or file which is  shared with whomever needs it — a team, department, customers — all authorized to access that file. There are no duplicates or versions to confuse participants. Whenever an addition, correction or deletion is made, it is made in just one file so that everyone is literally working on the same page.

This approach is called co-authoring and enables team members to work in real time anywhere in the world while having complete visibility and control over what changes are being made. It also allows the team leader or creator to assign tasks to team members and create workflows.

Getting Started With File Sharing 

Even before you select the platform for file sharing, you should create a file name convention of how every file name will be structured within your organization: department, subject, date, etc. based on your company’s structure.

Make it clear to team members why this change is happening and the resulting benefits to the team:

• It will create consistency in your file names.
• Everyone will be able to easily find information they need.
• It will promote teamwork by establishing standards that benefit everyone. 
• It will make it easier to manage your files from an administrator’s perspective. 
• It will improve readability of your company files.

Remember to keep it consistent and keep it simple. Make it second nature to follow the name convention your company has established so there is no confusion and no redundancy.

File Sharing Tips and Best Practices

Here are some other tips for setting up your file sharing:

• Admins are the only ones who should set up folders.
• Folder structure should be set up by the department, making them the top-level folders. 
• Keep the subfolders levels small (no more than five), so that information is not buried too deep.
• Create folder templates for departments and subfolders to keep things consistent throughout your departments.
• Only share with groups of people or by department not with individual users.
• Create different access options like “view only,” “contributor,” “author,”  etc. to share as much information with your team as possible, without fear of files getting accidentally moved, edited or deleted. 
• Decide if you want just your organization or others outside of your organization to have access. Set permissions accordingly and audit them regularly. And maintain consistency in them.
• Set up alert notifications for highly sensitive and critical information.
• Use hyperlinks or shortcuts when a file needs to be in more than one department to prevent duplicate versions.
• Assign one person in each department to oversee all of the data and to audit it on a regular basis.
• If you need to share a file, share a protected link, not the attachments; that way your data stays safe within your organization.

Most importantly, don’t do any of this if you are not comfortable with managing your company data.  Contact us or book a meeting, virtual or in person. We’d be happy to assist you with this or any other IT situation.