10 Common File Transfer Risks and How to Avoid Them

Have you ever caught yourself saying one of the following?

  • “We don’t have an IT department, so I FTP from my desktop.”
  • “I don’t need special software to transfer files; I have email.”
  • “We’re a small/mid-sized organization. We don’t have to worry about risks.”
  • “As a large company, I’m pretty sure we have this covered.”

It’s easy to assume you’re protected from vulnerabilities. Unfortunately, though, you might not be.

File transfer risks are everywhere these days—in emails, on open ports, and through insecure technologies like FTP or files parked in the DMZ, just to name a few. Most organizations have discovered the benefits of training their teams in strong cybersecurity practices and protocols, but even the most knowledgeable can fall victim to hidden data vulnerabilities.

Are you protected against commonly missed exposures when sharing or transferring your files? Check your processes against this list to find out.


Risk #1: Giving away user IDs and passwords via FTP transfers.

FTP isn’t a secure transfer protocol. Even worse, it doesn’t encrypt user credentials—that data is sent in the clear. That means your files, including important sign-on information, can be sniffed and stolen during transit.

What’s the solution? Use secure protocols and encryption (e.g. SFTP for the transfer and OpenPGP for the files themselves) so that user IDs and passwords are never exposed or stolen while you’re transferring files.
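As an added example (not code from the original post or from GoAnywhere), here is a small Python checker a defender can run over reconstructed FTP control-channel traffic to inventory logins whose credentials crossed the network in the clear, the exposure this risk describes. The traffic sample is constructed; the second session shows why an explicit TLS upgrade (AUTH TLS) hides the same exchange from anyone sniffing the wire.

```python
"""Inventory cleartext FTP logins from reconstructed control-channel traffic.

Input: constructed (client_ip, server_ip, direction, line) tuples as an IDS would
reconstruct them from TCP port 21; "C" is client->server, "S" server->client.
Passwords are never stored, only the fact that one crossed the wire unencrypted.
"""
import re

USER_RE = re.compile(r"^USER\s+(\S+)", re.IGNORECASE)

# Constructed sample traffic, not a real capture.
SAMPLE_CONTROL_CHANNEL = [
    ("10.0.0.5", "203.0.113.10", "S", "220 ftp.example.test FTP server ready"),
    ("10.0.0.5", "203.0.113.10", "C", "USER partner_acct"),
    ("10.0.0.5", "203.0.113.10", "S", "331 Password required for partner_acct"),
    ("10.0.0.5", "203.0.113.10", "C", "PASS s3cret-value"),  # readable by any sniffer
    ("10.0.0.5", "203.0.113.10", "S", "230 User partner_acct logged in"),
    ("10.0.0.7", "203.0.113.10", "C", "AUTH TLS"),  # explicit FTPS upgrade
    ("10.0.0.7", "203.0.113.10", "S", "234 Proceed with negotiation"),
    # After 234 the 10.0.0.7 channel is encrypted; its USER/PASS never appear.
]


def find_cleartext_ftp_logins(lines):
    """Return one finding per USER/PASS exchange sent before any TLS upgrade."""
    state, findings = {}, []
    for client, server, direction, text in lines:
        st = state.setdefault((client, server),
                              {"user": None, "tls": False, "tls_pending": False, "open": None})
        cmd = text.strip().upper()
        if direction == "C":
            if cmd in ("AUTH TLS", "AUTH SSL"):
                st["tls_pending"] = True
            elif (m := USER_RE.match(text.strip())):
                st["user"] = m.group(1)
            elif cmd.startswith("PASS") and not st["tls"]:
                finding = {"client": client, "server": server,
                           "user": st["user"], "login_succeeded": None}
                findings.append(finding)
                st["open"] = finding  # waits for the server's 230/530 verdict
        else:
            code = cmd[:3]
            if st["tls_pending"] and code == "234":
                st["tls"], st["tls_pending"] = True, False
            elif st["open"] is not None and code in ("230", "530"):
                st["open"]["login_succeeded"] = code == "230"
                st["open"] = None
    return findings
```

Each finding names the client, server and account so the owner can be moved to SFTP or FTPS; the password value itself is deliberately never kept.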


Risk #2: Sending unsecured plain text emails.

Using regular emails to send mission-critical files means that sensitive data is communicated through a vulnerable platform. Not only is the data stored on your mail providers’ servers, where it can later be compromised, but there’s always a risk that an email will be sent to the wrong recipient.

What’s the solution? Use a secure mail server and, for the files themselves, an encrypted file-storage service with password-protected retrieval, so that important information never travels as a plain email attachment.


Risk #3: Exposing data to the DMZ (Demilitarized Zone).

Files are often temporarily stored in the DMZ by trading partners, and these files are at a higher risk of being accessed by hackers because the DMZ is more exposed to the internet. Using the DMZ can also require the use of manual scripts, which can in turn create more vulnerabilities.

What’s the solution? Don’t store your data in the DMZ! Instead, install a reverse proxy gateway and keep all data, even files from trading partners, inside your private network.


Risk #4: Having open ports in your network.

Open inbound firewall rules give hackers a foothold in your network. That foothold can be enough to compromise your environment and reach your critical applications, services, and even your production systems.

What’s the solution? Eliminate your network’s open ports by communicating through a reverse proxy, and avoid risk by ensuring your PC firewalls and security patches are maintained.


Risk #5: Using your own proxy software.

While it may be cheaper up front to build homegrown solutions for your organization, implementing your own proxy software often means relying on older technology with misleading or incorrect configurations, and it still requires you to open inbound and outbound ports.

What’s the solution? Swap out your homegrown proxy for modernized reverse proxy technology and maintain control within your private network (again, not in the DMZ).


Risk #6: Writing and maintaining scripts.

Manual scripts are prone to human error. They are time-consuming to create, difficult to maintain, and frustrating to audit. The lack of security mandates and compliance reporting for scripts makes them a liability in the case of a data breach.

What’s the solution? Ditch the ad hoc scripts. Use a centralized, role-based solution to process your file transfers. Bonus points if it sends you error notifications and includes auditing and reporting functionality.


Risk #7: Using free, outdated PC applications.

PC applications can be risky and antiquated. They often need dedicated personnel for administration, and because they’re free, they’re usually dependent on community advice and reporting for issues, bugs, and updates.

What’s the solution? Invest in a secure file transfer solution, one that provides administration and training, offers help with compliance, and is regularly updated.


Risk #8: Not having proper key and certificate management.

Without a solid KMS (key management system) in place, you’re more vulnerable to hackers and renegade employees gaining access to your systems. Stolen user IDs and passwords can be used by anyone, but keys and certificates can’t.

What’s the solution? Implement proper key and certificate management by installing an encrypted key management system with role-based and logged access to key or certificate updates.


Risk #9: Lacking internal security controls.

Many controls that matter are overlooked, including customer sign-on security, allowed IP addresses, automatic IP blacklists, and blocking of brute-force attacks.

What’s the solution? Reinforce your internal security controls! Get granular with your cybersecurity and build a secure infrastructure that allows communication with controlled access.
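The allowed IP addresses, automatic IP blacklists and brute-force blocking mentioned above, as an added Python example that is not part of the original post: a sliding-window brute-force detector over constructed OpenSSH-style auth log lines (the kind an SFTP server writes), which auto-blocks offending addresses but only reports, never blocks, an allow-listed partner range. The 10.0.0.0/8 range, the thresholds and the log lines are all assumptions.

```python
"""Auto-block brute-force logins against a file transfer host (added example).
Constructed OpenSSH-style auth lines stand in for an SFTP server's log. MAX_FAILURES failures
from one IP inside WINDOW block it, except allow-listed partner ranges, which are only reported.
"""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]  # constructed trusted range
MAX_FAILURES, WINDOW = 3, timedelta(minutes=10)
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

SAMPLE_LOG = [  # constructed, not real traffic
    "2024-07-30T09:00:00Z sshd[2101]: Failed password for partner from 198.51.100.23 port 50001 ssh2",
    "2024-07-30T09:00:30Z sshd[2102]: Failed password for invalid user admin from 198.51.100.23 port 50002 ssh2",
    "2024-07-30T09:01:00Z sshd[2103]: Failed password for partner from 198.51.100.23 port 50003 ssh2",
    "2024-07-30T09:10:00Z sshd[2110]: Failed password for partner from 10.0.0.9 port 50010 ssh2",
    "2024-07-30T09:10:20Z sshd[2111]: Failed password for partner from 10.0.0.9 port 50011 ssh2",
    "2024-07-30T09:10:40Z sshd[2112]: Failed password for partner from 10.0.0.9 port 50012 ssh2",
    "2024-07-30T09:12:00Z sshd[2115]: Accepted publickey for partner from 10.0.0.9 port 50015 ssh2",
    "2024-07-30T09:00:10Z sshd[2120]: Failed password for partner from 203.0.113.8 port 50020 ssh2",
    "2024-07-30T09:30:10Z sshd[2121]: Failed password for partner from 203.0.113.8 port 50021 ssh2",
]

def evaluate_auth_log(lines):
    """Return {"blocked": {ip: block_time}, "allowlisted_noisy": {ip: failures}}."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside WINDOW
    blocked, noisy_allowed = {}, {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["result"] != "Failed":
            continue  # successes and unrelated lines are not counted
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        ip = ipaddress.ip_address(m["ip"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:  # slide the window forward
            q.popleft()
        if len(q) < MAX_FAILURES or str(ip) in blocked:
            continue
        if any(ip in net for net in ALLOWED_NETWORKS):
            noisy_allowed[str(ip)] = len(q)  # report only; never auto-block a trusted range
        else:
            blocked[str(ip)] = m["ts"]
    return {"blocked": blocked, "allowlisted_noisy": noisy_allowed}
```

The two failures from 203.0.113.8 are 30 minutes apart, so the window never fills and that address is left alone; the partner-range address trips the threshold but only lands in the report.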


Risk #10: Not securing your system with the right permissions.

Remember, FTP is not a secure method for transferring important data. You are vulnerable if you use it in your organization!

What’s the solution? Avoid FTP. Disable it and use SFTP, FTPS, HTTPS, or AS2 instead to safeguard your communications.

For more information on each of these commonly missed vulnerabilities, watch this free, on-demand webinar from GoAnywhere: Are You Avoiding These Top 10 File Transfer Risks?

Source: HelpSystems

July 30, 2018
