Best Practices to Avoid File Sharing Dangers

File Sharing Dangers and Best Practices

File sharing has long been a way to socialize with friends and family, especially sharing a photo of a sweet moment or memory. Everyone does it, whether on social media, through cloud platforms like Google photos, by email or even a text message. But sharing can give cyber criminals a key to your data: If you don’t share the right way you can create a backdoor to all your files. Avoid file sharing dangers as part of your business cyber security plan.

File Sharing Can Be Dangerous

File sharing can be dangerous to your business in three basic ways:

  1. Someone inadvertently shares a file that is corrupted with malware, viruses, worms, ransomware or some other harmful agent that quickly spreads once it gets on your network.
  2. A shared file or photo contains sensitive or proprietary data that ends up being sent to the wrong person or someone who is outside your company’s data protection.
  3. A shared item is not sent by approved channels, ostensibly bypassing firewalls or other protections of your network.

Create a File Name Convention (Before Sharing Files)

Many small and medium size businesses don’t have strong policies and procedures around file sharing. This can  result in shadow IT — when staff decide to use software, systems, devices or apps without explicit IT approval. 

To avoid shadow IT, the first thing to do is create a file name convention of how every file name will be structured within your organization based on your company’s structure. For example: {YYYY MM DD} {Department} {Subject}.

Your team needs to know this change is happening and why.  Make it clear that resulting benefits to the team are:

  • Consistency in your file names.
  • Being able to easily find information when it’s needed.
  • Promoting teamwork by establishing standards that benefit everyone. 
  • Making it easier to manage files from an administrator’s perspective. 
  • Improving readability of your company files.

Keep it consistent and keep it simple so that it becomes second nature to follow the name convention your company has established, thereby eliminating confusion and redundancy.

Bad Types of File Sharing

No file that you share peer to peer (P2P) or in a file sharing application such as a cloud, is really secure. We repeat: no file you share P2P or in a file sharing app is really secure.

Attaching a file in an email is usually fairly safe UNLESS you make a typo and send it and all your business data to a complete stranger, possibly a malicious actor.  Retrieval of that email, even if you try just seconds after you hit the send button, are nearly impossible.  Instead, sending a link to a password-protected file is better but still  not perfect.

Cyber criminals love when you attach a file using P2P networking (e.g., BitTorrent, eMule). Peer to peer (P2P) networking is an easy target for cybercriminals because it opens a backdoor to networks and allows the spread of malware among files. Unwitting users could accidentally share folders and leak sensitive data, or even acquire media illegally.

Even file sharing applications like Box or Dropbox have some risks. Different versions of the same file floating around or the same information being stored in different cloud systems is one of them.

Good Types of File Sharing

The best way to share a file is by using a method that is part of your overall IT infrastructure and therefore protected with the permissions and cyber security measures put in place for your business. Microsoft Office 365 can accomplish that or a similar secure collaboration platform.

Sometimes you might need to send or receive a really large file, so make sure your IT plan includes a method to do that without being blocked by your network. If you don’t put a solution in place, people tend to come up with one on their own and you end up with a series of shadow IT practices that put your business at risk.

If you do need to use a file sharing service, make sure to use one with 256-bit AES encryption over SSL including One Drive, SharePoint, Egnyte, ShareFile or SugarSync. Make sure to read the user agreement carefully. 

Most importantly about these file sharing options is that only one encrypted document or file is  shared with everyone who needs it — a team, department or even customers. Make sure there are no duplicates or versions to confuse participants. That way, whenever an addition, correction or deletion is made, it is made in just one file so that everyone is literally working on the same page. 

Called co-authoring, this approach enables team members to have complete visibility even though they’re in various locations throughout the world. It also allows the team leader or creator to oversee changes and assign tasks to team members to create workflows.

File Sharing Tips and Best Practices

Here are some other tips for setting up your file sharing securely:

  1. Folders should ONLY be set up by admins.
  2. Folder structure should be set up by the department, making them the top-level folders. 
  3. Subfolder levels should be kept to five or fewer, so  information is not buried too deep.
  4. Folder templates for departments and subfolders should be kept consistent throughout your departments.
  5. Sharing should only be done with groups of people or by department, not with individual users.
  6. Different access options like “view only,” “contributor,” “author,”  etc. should be created to share as much information with your team as possible, but without the fear of files getting accidentally moved, edited or deleted. 
  7. Determine if you want only your organization to have access or if you want others outside of your organization as well. If so, set permissions accordingly, audit them regularly and maintain consistency in them.
  8. Alert notifications for highly sensitive and critical information should be created.
  9. Use hyperlinks or shortcuts when a file needs to be in more than one department in order to prevent duplicate versions.
  10. Only one person in each department should be assigned to oversee all of the data and to audit it on a regular basis.
  11. If a file must be shared, do it by a protected link, not attachments. Your data will then remain safe within your organization.

If you are not comfortable managing your company’s data security, contact us or book a no-obligation meeting. We’d be happy to assist you with this or any other IT situation.

Joshua Gray | Intrust IT Support Cincinnati

Josh Rees

Josh Rees, Client Success Manager, has been with Intrust for over 5 years and started as a service technician for a year before moving to his current position. He acts as quarterback for Intrust, making sure that we are all on the same page. In his spare time, Josh is a huge comic book collector.

Share this Blog

Not Sure Where To Start Looking for an MSP?

Our Managed IT Checklist will help you choose the right IT provider.

Get the checklist

Explore the Latest Trends in IT

Google Workspace Vulnerability Risk Assessment

Google Workspace Vulnerability Risk Assessment

Have you or your company considered going through a Google Workspace vulnerability risk assessment? You wouldn’t be the first to...
social engineering threat trends

Don’t Be Fooled by These Social Engineering Threat Trends

Social engineering is the primary cause of cyberattacks today, so it is critical to keep your team informed of the...
Intrust Nine Days Away from Keyboard Initiative

Nine Days Away From Keyboard Initiative

At Intrust IT, we understand the importance of taking time off to recharge and refresh, just like Ferris Bueller did...
9 Phishing Scam Prevention Tips

9 Phishing Scam Prevention Tips

If you’ve been on the Internet or working at a desk job, you’ve likely heard the term “phishing” thrown around...
Azure vs Aws

Azure vs AWS: Which Should I Choose?

The Azure vs AWS debate is a complex one to handle. You’re likely thinking about which cloud architecture of the...
Cloud Organization Tips

8 Best Cloud Organization Tips (And Why You Should Use Them)

The cloud makes it easy to share, store and manage files, but without routine maintenance, it can become messier than...