Businesses today rely on online file management and worldwide file transfer to compete as our economy becomes more digital and more global. Businesses also have a variety of needs when transferring documents securely from point A to point B.
Each file transfer should include security features that will avoid man-in-the-middle attacks. This type of attack is similar to eavesdropping on a conversation. There is a possibility your data could be intercepted by someone “listening in” during the transfer between your computer and a server or other device.
Secure file transfer methods are designed to keep your company from experiencing a breach of data during transfer. From simple online file shares to transferring large files and video on a regular basis. Here are three secure file transfer methods that will help you send big files securely in 2018.
1. SFTP the Secure File Transfer Protocol
SFTP is a separate protocol from FTP. It uses SSH keys which is the “S” part of SFTP. And also what makes this protocol a secure file transfer method.
For secure SFTP file transfers, SSH keys or a user ID and password are required to connect to the server. Your FTP and file sharing service should provide information on setting up SSH keys for your account. SSH protocol includes a public key and a private key, which authenticates the server and the user.
When using SFTP for file transfers, the connection is always secure. SFTP used encryption and cryptographic hash functions to make sure your data is not readable to anyone during file transfer.
If you are looking for a reliable way to upload and transfer big files, a hosted FTP service that supports direct SFTP connections is ideal for your business. One plus of choosing SFTP as your secure file transfer method is it being firewall friendly and uses a single port for connections to the server. A single open port allows for faster file transfers between client and server once the connection has been authenticated.
2. Turn up your File Transfer Protocol Security with FTPS
FTPS is an extension of FTP. It uses TLS (Transport Layer Security) or SSL (Secure Sockets Layer) encryption for security you don’t get with standard file transfer protocol (FTP). This additional layer provides a secure connection between client and server.
The FTPS protocol needs the following to connect and allow file transfers:
- User ID
- Certificate (the server’s certificate)
FTPS does use multiple port numbers to connect and complete your file transfers. The first port is for authentication and commands. After authenticating and establishing a connection with the server, every file transfer request opens another port. Some may argue that multiple ports open could pose a security issue.
This secure file transfer method excels at server to server file transfer. FTPS is ideal when you need to access the FTP server from personal devices. Software developers using .NET framework often use FTPS as their secure file transfer method.
You may find less support for and more configuration needed when using FTPS. But, the use of TLS & SSL cryptographic protocols that are part of FTPS makes this a preferred file transfer method for many businesses.
3. Encrypted Website Connections
HTTPS is the Hypertext Transfer Protocol “Secure.”
That stuff that comes before the www when you visit a website. HTTPS signals an encrypted website connection vs. HTTP. The HTTPS protocol is how a web browser communicates with websites. And it is important to know about if you are using a web interface to access your files.
HTTPS can’t be monitored or tampered with. No man-in-the-middle attacks. HTTPS checks the website security certificate and ensures you are talking to the real website, not an impersonator. Today, many websites default to HTTPS so others can not see what you are doing. However, it is a good idea to check the hypertext transfer protocol when visiting new websites or if you get warnings or pop-ups verifying you want to go to a particular site. Look for HTTPS at the beginning of the web address or look for the lock symbol before the website name in your address bar.
HTTPS works in tandem with SSL (the secure sockets layer that adds the encryption part of FTPS). Your browsing privacy with HTTPS only allows other to see there is a connection to a secure site. They can not see specific pages you visit or any additional browsing information.
As a secure file transfer method, HTTPS is best for banking, sending payments, and transferring private or sensitive data from a user through a website. Any transfers requiring a password should only be sent with the HTTPS protocol. Such as filling out a form online.
Tips for Secure File Transfer Worldwide
There are protocols for a variety of different data and file transfers. Whatever secure file transfer method you choose, there are a few additional things that can mitigate security concerns and improve workflow.
Data security is on everyone’s mind. Look for an FTP and file sharing provider that is GDPR compliant. The General Data Protection Regulation was designed to give EU citizens more rights over their personal data, but impacts every U.S. business that has EU customers. With our global economy, GDPR compliance should be the standard everywhere. It shows that in good faith, a company has does their due diligence to take data security seriously.
Check for compliance with other laws and regulations. Specific industries and types of data may need additional security compliance to meet government requirements. For example, Privacy Shield Certification in the U.S. and EU includes data protection requirements when transferring personal data.
Utilize permissions for your file sharing account. Choose a company that allows you to set up new users with granular permissions. Don’t get caught not knowing who accessed your files or how a file got deleted. Granular permissions should allow you to give each user the access rights you want them to have – uploading, downloading, read-only, delete, restricted access to specific folders, all access admin privileges, etc.
Activity logs & Notifications
Use activity logs and notifications to track your secure file transfers vs. email chains. Email can get messy with ongoing threads and is not a recommended secure transfer method. The activity log on your file sharing account will show you all user activity and can easily be filtered by day or username. Notifications alert you when specific files have been uploaded or downloaded. Notifications help you keep track of the who, what and when for your file shares.
Finally, having one place to manage all of your business files reduces the security risks. A web based file manager with custom branding options turns your file sharing service into part of YOUR business. (Accessing via HTTPS of course.)