Published on 26 Oct 2018 - Updated on 25 Mar 2021
Engaging with customers online and all over the world is common for most businesses these days. This means having secure file transfer methods in play is vital for any business to stay on top of their game.
Each and every file transfer — whether it's customer orders, inventory data, client communications, or product documentation — needs to protect the data being transferred.
One way to ensure you are protecting customer data is to look for security features designed to protect against and avoid man-in-the-middle attacks. This type of attack is similar to eavesdropping on a conversation: your data could be intercepted by someone “listening in” during the transfer between your computer and a server or other device. Secure file transfer methods make sure eavesdropping, as well as other breaches or privacy violations, do not happen.
Today, secure file transfer methods are designed to keep your company from experiencing a breach of data during transfer. From simple online file shares to transferring large files and videos on a regular basis, here are three secure file transfer methods that will help you send your business files securely.
SFTP is a separate protocol from FTP. It uses SSH which is the “S” part of SFTP. SSH is the ‘secure shell’ that acts as a privacy layer for your SFTP transfers.
When using SFTP for file transfers, the connection is always secure. SFTP uses encryption and cryptographic hash functions to make sure your data is not readable to anyone during file transfer.
For SFTP file transfers, SSH keys or a user ID and password are required to connect to the server. Your FTP and file sharing service should provide information on setting up SSH keys for your account. The SSH protocol uses a public key and a private key, which authenticate the server and the user.
If you are looking for a reliable way to upload and transfer big files, a hosted FTP service that supports direct SFTP connections is ideal for your business. One plus of choosing SFTP as your secure file transfer method is that it is firewall-friendly: SFTP uses a single port for connections to the server. A single open port allows for faster file transfers between client and server once the connection has been authenticated.
FTPS is an extension of FTP. It uses TLS (Transport Layer Security) or SSL (Secure Sockets Layer) encryption for security you don’t get with standard file transfer protocol (FTP). This additional layer provides a secure connection between client and server.
The FTPS protocol needs the following to connect and allow file transfers:
FTPS does use multiple port numbers to connect and complete your file transfers. The first port is for authentication and commands. After authenticating and establishing a connection with the server, every file transfer request opens another port. Opening two ports keeps your commands and data travelling separately.
This secure file transfer method excels at server to server file transfer. Software developers using .NET framework often use FTPS as their secure file transfer method.
You may find less support for FTPS and more configuration needed when using it. But the use of the TLS and SSL cryptographic protocols makes FTPS a preferred file transfer method for many businesses.
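The two FTPS connections described above, as an added example that is not ExaVault's code. It uses Python's standard `ftplib`: the passive-mode reply shows where the second (data) port comes from, and `prot_p()` makes sure that connection is encrypted too, since protecting only the command connection leaves file contents readable on the wire. The host, credentials and file names are parameters the caller supplies, and the sample reply is constructed.

```python
import ftplib
import re
import ssl


def strict_tls_context():
    """TLS settings used for both the command and the data connection."""
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and 1.1
    return ctx


def pasv_data_endpoint(reply):
    """Return (host, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' PASV reply."""
    match = re.match(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not match:
        raise ValueError("not a PASV reply: %r" % reply)
    fields = [int(f) for f in match.groups()]
    if max(fields) > 255:
        raise ValueError("field out of range in %r" % reply)
    # The data port is a 16-bit number sent as two decimal bytes.
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def upload(host, user, password, local_path, remote_name):
    """Upload one file with both FTPS connections encrypted."""
    ftps = ftplib.FTP_TLS(context=strict_tls_context(), timeout=30)
    ftps.connect(host, 21)        # connection 1: commands, plaintext at this point
    ftps.login(user, password)    # FTP_TLS sends AUTH TLS before USER/PASS
    ftps.prot_p()                 # PROT P: encrypt the data connections as well
    try:
        with open(local_path, "rb") as handle:
            # Connection 2 is opened for this transfer on a server-chosen port.
            ftps.storbinary("STOR " + remote_name, handle)
    finally:
        ftps.quit()


# Constructed sample reply (192.0.2.10 is a documentation address).
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"

if __name__ == "__main__":
    print(pasv_data_endpoint(SAMPLE_PASV_REPLY))
```

Because the server picks the data port for each transfer, a firewall in front of an FTPS server has to allow the configured passive port range in addition to the command port.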
HTTPS is the Hypertext Transfer Protocol “Secure.”
We’re talking about that stuff that comes before the www when you visit a website. HTTPS signals an encrypted website connection vs. HTTP. The HTTPS protocol is how a web browser communicates with websites.
HTTPS can’t be monitored or tampered with. No man-in-the-middle attacks. HTTPS checks the website security certificate and ensures you are talking to the real website, not an impersonator. Today, most business websites default to HTTPS. However, it is a good idea to check the hypertext transfer protocol when visiting new websites or if you get warnings or pop-ups asking to verify you want to go to that particular site. Look for HTTPS at the beginning of the web address or look for the lock symbol before the website name in your address bar.
It is important to know what type of connection you have if you are using a web interface to access your files, for example when entering information to place an order online or requesting customer information in a form on your website.
HTTPS works in tandem with SSL (the secure sockets layer that adds the encryption part of FTPS). With HTTPS, others can see only that there is a connection to a secure site. They cannot see specific pages you visit or any additional browsing information.
As a secure file transfer method, HTTPS is best for banking, sending payments, and transferring private or sensitive data from a user through a website. Any transfers requiring a password should only be sent using the HTTPS protocol.
Whatever protocol you choose, there are a few additional things that can mitigate security concerns and improve workflow.
Data security is on everyone’s mind. Look for an FTP or file sharing service that is GDPR compliant. The General Data Protection Regulation gives EU citizens more rights over their personal data, but impacts every U.S. business that has EU customers. With our global economy, GDPR compliance should be the standard everywhere. It shows that in good faith, a company has done its due diligence to take data security seriously.
Check for compliance with specific regional and other national laws and regulations. The CCPA (California Consumer Privacy Act) is one example of a fairly recent regulation that has come into play in the United States.
Specific industries and types of data may need additional security compliance measures in place to meet government requirements. For example, Privacy Shield Certification includes data protection requirements when transferring personal data.
Utilize permissions for your file sharing account. Choose a company that allows you to set up new users with granular permissions. Don’t get caught not knowing who accessed your files or how a file got deleted. Permissions should allow you to give each user the access rights you want them to have – uploading, downloading, read-only, delete, restricted access to specific folders, all-access admin privileges, etc.
It is no longer effective to track anything in email chains. Email can get messy with ongoing threads and is not a recommended method to securely send information. Use activity logs and notifications to track your secure file transfers. The activity log for your file sharing account shows all user activity and can easily be filtered by date or username. Notifications alert you when specific files are uploaded or downloaded. Notifications help you keep track of the who, what and when for your file shares.
Finally, having one place to manage all of your business files reduces security risks. A web-based file manager with custom branding options turns a secure file transfer service into part of YOUR business. (Accessing via HTTPS of course.)
Need secure file transfer for your business? Sign up for ExaVault today!