Managed file transfer: Best practices to ensure security

     

connected-lightwell-3Employees partake in more file transfers than many of them may realize. Especially with the emergence of bring-your-own-devices practices, businesses could be exposing their sensitive data during these processes. In order to ensure security and prevent any unauthorized access to this sensitive content, enterprises must have a policy in place for managed file transfers that includes industry best practices.

Derek Brink, Aberdeen Group's vice president of information technology and research fellow, noted that file transfers should take place within a protected environment and provide a way to support productive collaboration and integrate business processes.

"It sounds so easy, but a detailed look at your enterprise file transfer activities will likely reveal multiple modes and multiple use cases already in place, implemented with a hodgepodge of digital 'do-it-yourself' approaches," Brink wrote.

With proper managed file transfer software in place to govern these activities, however, corporate leaders can unify these processes while ensuring the safety of their mission-critical business information. Such a policy can include considerations like:

Encryption for data at rest and in motion

One of the first things to look for within a managed file transfer solution is encryption. This protection measure should be in place not only with data at rest, but particularly with data in motion to prevent documents from being intercepted by an unauthorized viewer. Jscape contributor John Carl Villanueva pointed out that while files are sent, they are transmitted in plain text, making it very easy for prying eyes to gain access to the data. With encryption in place, however, only those with the decryption key are able to decipher the information.

"Even if those crooks succeed in intercepting your files, all they'll see will be 'garbled' messages," Villanueva explained.

Ensure industry compliance

\When establishing or updating managed file transfer at a company, decision-makers should factor in the firm’s compliance needs. These can include industry-level rules that govern how documents are transmitted within a business's particular sector. For example, eWEEK contributor Chris Preimesberger noted that healthcare organizations must adhere to guidelines within the Health Insurance Portability and Accountability Act. In order to ensure compliance with all rules and regulations, enterprises can consider bringing in a third-party assessor or IT consultant to perform a security audit.

Protection through strong authentication credentials

Every user with access to the file transfer system should have an individual username as well as a unique, lengthy password. This not only provides an extra layer of protection, but can offer added oversight for system managers. Villanueva also advised utilizing two-factor authentication, which requires employees to enter their username and password, and also confirm their identity through a phone call or single-use code sent to their mobile device.

"Even if a hacker manages to acquire a username and password, he won't be able to login to your server if he doesn't have the corresponding user's phone," Villanueva noted.

Educate employees

Once the managed file transfer approach has been established, managers should educate their employees on their responsibilities. When staff members have an in-depth understanding of why the system is in place as well as what protection measures it contains, harmful shadow IT practices can be prevented.

If you liked this article, see more managed file transfer resources from Lightwell:

Get our on-demand webinar to hear from the MFT experts: