Best Practices to Avoid File Sharing Dangers

File sharing has long been a way to socialize with friends and family, especially sharing a photo of a sweet moment or memory. Everyone does it, whether on social media, through cloud platforms like Google photos, by email or even a text message. But sharing can give cyber criminals a key to your data: If you don’t share the right way you can create a backdoor to all your files. Avoid file sharing dangers as part of your business cyber security plan.

File Sharing Can Be Dangerous

File sharing can be dangerous to your business in three basic ways:

  1. Someone inadvertently shares a file that is corrupted with malware, viruses, worms, ransomware or some other harmful agent that quickly spreads once it gets on your network.
  2. A shared file or photo contains sensitive or proprietary data that ends up being sent to the wrong person or someone who is outside your company’s data protection.
  3. A shared item is not sent by approved channels, ostensibly bypassing firewalls or other protections of your network.

Create a File Name Convention (Before Sharing Files)

Many small and medium size businesses don’t have strong policies and procedures around file sharing. This can  result in shadow IT — when staff decide to use software, systems, devices or apps without explicit IT approval. 

To avoid shadow IT, the first thing to do is create a file name convention of how every file name will be structured within your organization based on your company’s structure. For example: {YYYY MM DD} {Department} {Subject}.

Your team needs to know this change is happening and why.  Make it clear that resulting benefits to the team are:

  • Consistency in your file names.
  • Being able to easily find information when it’s needed.
  • Promoting teamwork by establishing standards that benefit everyone. 
  • Making it easier to manage files from an administrator’s perspective. 
  • Improving readability of your company files.

Keep it consistent and keep it simple so that it becomes second nature to follow the name convention your company has established, thereby eliminating confusion and redundancy.

Bad Types of File Sharing

No file that you share peer to peer (P2P) or in a file sharing application such as a cloud, is really secure. We repeat: no file you share P2P or in a file sharing app is really secure.

Attaching a file in an email is usually fairly safe UNLESS you make a typo and send it and all your business data to a complete stranger, possibly a malicious actor.  Retrieval of that email, even if you try just seconds after you hit the send button, are nearly impossible.  Instead, sending a link to a password-protected file is better but still  not perfect.

Cyber criminals love when you attach a file using P2P networking (e.g., BitTorrent, eMule). Peer to peer (P2P) networking is an easy target for cybercriminals because it opens a backdoor to networks and allows the spread of malware among files. Unwitting users could accidentally share folders and leak sensitive data, or even acquire media illegally.

Even file sharing applications like Box or Dropbox have some risks. Different versions of the same file floating around or the same information being stored in different cloud systems is one of them.

Good Types of File Sharing

The best way to share a file is by using a method that is part of your overall IT infrastructure and therefore protected with the permissions and cyber security measures put in place for your business. Microsoft Office 365 can accomplish that or a similar secure collaboration platform.

Sometimes you might need to send or receive a really large file, so make sure your IT plan includes a method to do that without being blocked by your network. If you don’t put a solution in place, people tend to come up with one on their own and you end up with a series of shadow IT practices that put your business at risk.

If you do need to use a file sharing service, make sure to use one with 256-bit AES encryption over SSL including One Drive, SharePoint, Egnyte, ShareFile or SugarSync. Make sure to read the user agreement carefully. 

Most importantly about these file sharing options is that only one encrypted document or file is  shared with everyone who needs it — a team, department or even customers. Make sure there are no duplicates or versions to confuse participants. That way, whenever an addition, correction or deletion is made, it is made in just one file so that everyone is literally working on the same page. 

Called co-authoring, this approach enables team members to have complete visibility even though they’re in various locations throughout the world. It also allows the team leader or creator to oversee changes and assign tasks to team members to create workflows.

File Sharing Tips and Best Practices

Here are some other tips for setting up your file sharing securely:

  1. Folders should ONLY be set up by admins.
  2. Folder structure should be set up by the department, making them the top-level folders. 
  3. Subfolder levels should be kept to five or fewer, so  information is not buried too deep.
  4. Folder templates for departments and subfolders should be kept consistent throughout your departments.
  5. Sharing should only be done with groups of people or by department, not with individual users.
  6. Different access options like “view only,” “contributor,” “author,”  etc. should be created to share as much information with your team as possible, but without the fear of files getting accidentally moved, edited or deleted. 
  7. Determine if you want only your organization to have access or if you want others outside of your organization as well. If so, set permissions accordingly, audit them regularly and maintain consistency in them.
  8. Alert notifications for highly sensitive and critical information should be created.
  9. Use hyperlinks or shortcuts when a file needs to be in more than one department in order to prevent duplicate versions.
  10. Only one person in each department should be assigned to oversee all of the data and to audit it on a regular basis.
  11. If a file must be shared, do it by a protected link, not attachments. Your data will then remain safe within your organization.

If you are not comfortable managing your company’s data security, contact us or book a no-obligation meeting. We’d be happy to assist you with this or any other IT situation.

Joshua Gray | Intrust IT Support Cincinnati

Josh Rees

Josh Rees, Client Success Manager, has been with Intrust for over 5 years and started as a service technician for a year before moving to his current position. He acts as quarterback for Intrust, making sure that we are all on the same page. In his spare time, Josh is a huge comic book collector.

Share this Blog

Get This Free Resource to Protect Your Business

Checklist: "14 Non-Technical Things You Can Do Today to Protect Your Business from Cyber Crime"

Trending Now: Read More From Intrust IT

2022 Inc. 5000's List

Intrust IT on 2022 Inc. 5000’s List of Fastest Growing Companies

By Tim Rettig | August 18, 2022

CINCINNATI – Intrust IT, a cyber security and IT support company, has been named on the 2022 Inc. 5000’s prestigious annual list of fastest growing companies. For the fourth time, Intrust has ranked among America’s most successful and rapidly growing private businesses. Since its establishment in 1992, the IT company has been putting the “service”…

Microsoft Office Auditing Case Study

How One Client Saved 28K with Microsoft Office 365 Auditing

By Intrust Man | June 16, 2022

We saved one client over $28,000 per year on Microsoft Office 365 licenses through our Office 365 auditing process.  Here at Intrust, almost all of our clients use Microsoft Office 365 licensing for some combination of email hosting, Office software, and Dynamics CRM. Sometimes clients who had Microsoft 365 prior to their relationship with Intrust…

Managed Microsoft 365 featured image

Managed Microsoft 365: 9 Benefits of Managed IT Services

By Tim Rettig | June 16, 2022

If you are using or considering Microsoft 365 for your business? Consider this: Managed Microsoft 365 is even better. Managed 365 means that a managed service provider (MSP) correctly configures, optimizes and provides ongoing support for your Microsoft 365 installation. Here are nine reasons why your company should partner with an MSP for your Microsoft…