In this article, I’d like to discuss one of the best ways to share files securely. In business operations and even in our personal lives, we often have to share confidential documents with others for various reasons but we have to make share the files are shared as securely as possible. For example, in business, our existing and prospective clients ask for certain documents like audit reports, company policies and procedures, insurance certificates, and organizational charts which may be considered sensitive and confidential to some businesses. Although, some require copies of these documents to retain, others just want to validate their existence and review the contents. The degree to which others can request and retain company documents is probably something that must be established in the memorandum of understanding when the two companies sign their contracts, however, once we establish that understanding, we have to make sure that we share files securely and according to the contractual agreements.
Although companies may just encrypt or password protect a file before sharing, it must be noted that this process of securing files is not completely without risks and there are software tools which can secure the entire file sharing process. For example, I started using ShareFile to create a Virtual Data Room (VDR) for securely sharing files with clients and although this is a not a relatively cheap tool for individuals to use, it is worth the investment for business file sharing securely while having some control options which I will attempt to explain.
First, let me throw in the only risk that I see with using these file sharing software tools. When you purchase the system and setup your account, you must create a folder to be shared with any internal or external party for as long as they have an email address. After you setup the folder, you must then upload the files that you want to share which brings me to the risk I wanted to bring up. The files that we upload reside on a third party server and although the website is HTTPS for encrypted transmission, we have no way of knowing if the files stored on their servers are encrypted or what their security controls, settings, and access permissions are. But, knowing that this is their main business, we have to assume that they also understand and mitigate the security risks on their end which we can also validate by reading over their SSAE 16 audit reports.
Now, once files are uploaded, you can add users and give each user specific access to the folder which may be admin, view only, download, upload, and various notifications. If your client requests to just view the files, then you can set the access up for view only with upload notification which will notify the person when you upload a new document to the folder. With this option, downloading, printing, and saving a file is not an option and therefore a more effective way to share files securely and according to the established understandings and requests.
Given the risk of storing the files on a third party service provider server, I still prefer this tool with its many options to share files securely than to encrypt or password protect a file to be shared with clients which may lead to follow up questions related to errors, new password requests, and proliferation of files via copying and sharing. When understanding and comparing the risks of directly sharing password protected files with multiple parties vs. storing our files on one potentially unsecured server, I think the latter beats the first option. At least, with a centralized file storage and sharing capability, we can limit our risk to one server and not thousands of unintended people potentially accessing our files. I say this because once we share a file with others, we really have no idea what happens to the file in terms of where it is stored, who has access to them, to what extent it is distributed, etc. At least with a centralized file sharing service, we have logging capabilities and stats showing us who accessed which file, when and for how long.
Visit the workplace information protection page to read about other options to share files securely.