Security continues to be top of mind for those in the business of keeping their company’s data out of the wrong hands. To learn where organizations are in their security initiatives, HelpSystems surveyed more than 650 IT and cybersecurity professionals around the world. We asked about the top concerns and threats keeping people up at night, as well as the protective strategies they’re putting in place to mitigate risk.
What the survey revealed:
- 91 percent of respondents said security is important to their management.
- A surprising 28 percent of respondents said compliance doesn’t apply to them, even as compliance regulations are on the rise.
- 65 percent of companies struggle to balance strong security with business efficiency.
- Unsecure file transfers are a top concern for today’s IT and security teams.
Four Common File Transfer Challenges
When it comes to moving files securely both internally and beyond the purview of your company, there are four common challenges that can put the best business to the test.
- Human Error
Unfortunately, many organizations still enable employees to transfer files via simple tools such as FTP or email. Because this is a manual process, it’s prone to error and risk. For example, an employee responsible for sending a file at a particular time each day or week could simply forget or send the wrong file, negatively impacting a customer or vendor relationship. Likewise, someone could send the wrong file to the wrong person, such as giving a sensitive pricing list with vendor-specific discounts to the incorrect partner. Issues can also arise if the person who typically completes a file-sending task is out of the office and has a backup user unfamiliar with the process.
Another disadvantage of using outdated file-sharing technology like FTP or email is that users may look to FTP scripts to speed the process. However, scripts have many downfalls. For example, trading partner passwords are often stored within them. This means that if a hacker gets ahold of the scripts, they can access trading partner credentials. Also, these types of scripts typically have to be written by programmers who know exactly what they’re doing. Programmers are expensive resources for an organization to be dedicating to this type of work. FTP scripts need to feature auto-retry and error/success alerting capabilities, and they need to capture all activity in audit logs. This advanced functionality takes time to create. Additionally, whenever something changes, such as a trading partner’s credentials or a renamed file, a programmer has to be pulled off another project to make the update. Over time, companies can have hundreds or even thousands of these FTP scripts in use, which becomes almost impossible to manage without a better approach to automation.
- Lack of Encryption
End users can jeopardize sensitive data if they’re not given the right tools to encrypt and share it. Sensitive files (e.g., an ACH or payroll file) are sometimes kept in the “clear” on servers and can be downloaded onto PCs, making this data vulnerable to attack. These files can be sent as unsecured email attachments, and the user who downloaded them will likely forget to remove the sensitive file from their laptop after sending it. PCs and laptops are often more vulnerable to attack than back-end servers because they typically lack the strong security controls that servers have. Also, many end users rely on email to send sensitive files, not realizing that an email attachment isn’t encrypted. To add to this, the use of free file-sharing services such as Dropbox is on the rise, making file management a shadow IT function. This means IT loses oversight of files leaving the company when they go through unauthorized cloud-based file-sharing services. This becomes a significant liability.
- No Error Alerts or Audit Logs to Meet Compliance Requirements
When end users send something via FTP/email, an FTP script usually won’t alert them when a transfer fails or succeeds. In fact, they may have to wait until a trading partner calls in to complain, which is ultimately poor service and potentially embarrassing. In addition, a lot of the legacy methods and tools in use don’t generate the audit logs needed to meet today’s compliance requirements. In fact, this is becoming a big issue for auditors, who will often ask for logs documenting when files leave the organization. If centralized logs can’t be generated, it’s difficult or impossible to find and filter data to show compliance with data privacy regulations such as PCI DSS, HIPAA, SOX, and the GDPR.
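An added example, not from the original article or any HelpSystems product: a defender-side audit that flags the embedded trading-partner credentials and cleartext FTP use described in the FTP-script discussion above, without echoing the secret itself. The rule names, sample scripts, hosts and values are constructed for illustration, and the patterns are heuristics rather than a complete secret scanner.

```python
import re

# Heuristic rules for secrets and cleartext transport in legacy FTP automation.
RULES = [
    ("credentials-in-url", re.compile(r"\bftp://[^\s:/@]+:[^\s@]+@", re.I)),
    ("ftp-user-with-password", re.compile(r"^\s*(?:quote\s+)?user\s+\S+\s+\S+", re.I)),
    ("ftp-pass-command", re.compile(r"^\s*quote\s+pass\s+\S+", re.I)),
    ("netrc-style-password", re.compile(r"\blogin\s+\S+\s+password\s+\S+", re.I)),
    # A literal value only: references such as $VAR or %VAR% are not flagged.
    ("password-assignment",
     re.compile(r"\b\w*(?:passw(?:or)?d|pwd|pass)\s*=\s*['\"]?[^\s'\"$%]+", re.I)),
    ("cleartext-ftp-client", re.compile(r"^\s*ftp\s+(?:-\S+\s+)*\S+", re.I)),
]
COMMENT = re.compile(r"^\s*(?:#|rem\b|::)", re.I)


def audit_script(name, text):
    """Return (file, line number, rule) findings; the matched secret is never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if COMMENT.match(line):
            continue
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append((name, lineno, rule))
    return findings


# Constructed sample scripts (hypothetical hosts, accounts and values).
SAMPLES = {
    "nightly_push.sh": "FTP_PASSWORD=Examp1e-Only\n"
                       "ftp -n partner.example.com <<EOF\n"
                       "user acme Examp1e-Only\n"
                       "put prices.csv\n"
                       "EOF\n",
    "pull_orders.sh": "curl -O ftp://acme:Examp1e-Only@partner.example.com/orders.csv\n",
    "sftp_push.sh": "# key-based SFTP, nothing secret in the script\n"
                    "sftp -b batch.txt -i \"$KEY_FILE\" acme@partner.example.com\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        for finding in audit_script(name, text):
            print("%s:%d: %s" % finding)
```

Run it over the directories where scheduled transfer scripts live; each finding is a script to migrate to key-based SFTP or to a credential store.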
Best Practices for Secure, Efficient File Transfers
- Move away from unsecured technologies. Use secure protocols like SFTP, AS2, or FTPS to exchange files with trading partners—do not use standard FTP! Modern standards have authentication to protect files over public and private networks.
- Encrypt files in transit and at rest whenever possible. This is particularly important if you are staging files in the public-facing area of your network before transmission to your trading partner’s server. And because your trading partners may not have adequate security on their systems, you want to protect your files once they are received at an external location.
- Use automation wherever possible to eliminate errors. Set up batch workflows to automatically process files. Make sure you can receive success/failure notices, so you know the status of your file transfers at all times.
- Generate detailed audit trails. You should always maintain at least a year’s worth of activity. Some regulations may require you to keep logs even longer.
- Use a Managed File Transfer (MFT) solution to simplify and protect file transfers from a centralized interface. A proven MFT solution will enable you to solve each of these challenges and centrally manage secure file transfers to protect your data, your business, and your customers.
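An added example, not part of the original article or of GoAnywhere MFT: the automation, success/failure notification and audit-trail practices above, applied to an upload with the OpenSSH `sftp` client using key-based login. The function names, account, host and JSON log format are assumptions made for illustration.

```python
import hashlib
import json
import subprocess
import time
from datetime import datetime, timezone


def sftp_put(local_path, remote, key_file):
    """Upload with OpenSSH sftp in batch mode: key-based login, no stored password."""
    result = subprocess.run(
        ["sftp", "-b", "-", "-i", key_file, "-o", "BatchMode=yes", remote],
        input='put "%s"\n' % local_path, text=True, capture_output=True)
    return result.returncode == 0


def transfer_with_audit(local_path, remote, send, notify, audit_log,
                        attempts=3, backoff=2.0, sleep=time.sleep):
    """Retry a transfer, log every attempt as a JSON line, alert on the final outcome."""
    with open(local_path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    for attempt in range(1, attempts + 1):
        try:
            ok = bool(send(local_path, remote))
        except OSError:  # e.g. the sftp client is not installed
            ok = False
        record = {"time": datetime.now(timezone.utc).isoformat(), "file": local_path,
                  "sha256": digest, "remote": remote, "attempt": attempt,
                  "status": "success" if ok else "failure"}
        with open(audit_log, "a", encoding="utf-8") as log:
            log.write(json.dumps(record) + "\n")
        if ok:
            notify("success", record)
            return True
        if attempt < attempts:
            sleep(backoff * 2 ** (attempt - 1))  # exponential backoff between retries
    notify("failure", record)
    return False


if __name__ == "__main__":
    # Offline demo: constructed file, stand-in sender that fails once then succeeds.
    import pathlib, tempfile
    tmp = pathlib.Path(tempfile.mkdtemp())
    (tmp / "prices.csv").write_text("sku,price\n1,9.99\n")
    outcomes = iter([False, True])
    transfer_with_audit(str(tmp / "prices.csv"), "acme@partner.example.com",
                        lambda p, r: next(outcomes), lambda s, rec: print(s, rec["attempt"]),
                        str(tmp / "transfers.jsonl"), sleep=lambda s: None)
```

For a real transfer, pass `lambda p, r: sftp_put(p, r, key_file)` as `send` and route `notify` to your alerting channel; the JSON lines file is the record to retain for the audit period.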
Learn More About GoAnywhere Secure Managed File Transfer
GoAnywhere MFT is a managed file transfer solution which streamlines the exchange of data among your systems, employees, customers, and trading partners. Deployable in on-premise, cloud, and hybrid environments, it provides a single point of control with extensive security settings, detailed audit trails and reports.
See it in action by requesting a custom demo.