External file transfers – do they need to be risky business?
We all know that 2020 was the year in which everyone, every business and every institution had to adapt. It started with remote working, which led to a radical change in where we store our data and how we access it, with this often being synonymous with using Cloud services.
Schools, colleges and universities (perhaps more than any other sector) were rushed into this new approach and, as a result, experienced the highest level of ransomware attacks, according to Sophos. This even included the prestigious University of Oxford, and its very own laboratory working on Covid vaccines.
Paradoxically, the speed of these changes means that IT administrators are aware of the security risks, particularly around ransomware. Helped by some recent high-profile cases in the media, best practices have made their way into the minds of IT staff: the importance of protecting their cloud data, regularly testing backups and, more broadly, having a solid disaster recovery plan in place.
However, this has led to seemingly benign and unsophisticated functions going under-scrutinised: namely, the sharing of data. In a sector increasingly intertwined with industry, with research laboratories locked into a global competition, universities need to match the standards expected in the Corporate and Defence sectors. Beyond the need to protect valuable research data, universities need to abide by global standards such as GDPR and ensure that data is shared in a controlled manner. Email attachments, Instant Messaging apps and public cloud storage all contribute to making it impossible for IT teams to track and control what is being shared and when.
This is where it becomes essential to move your academics and student body to a modern file transfer solution, one that combines more convenience with added security for all parties involved.
So, what should an IT administrator be looking for in a modern and solid file transfer solution in 2022?
Encryption: this is an absolute must-have, preferably with a military-grade encryption level, typically AES-256, to ensure files cannot be read if the storage is ever breached. A robust solution does not leave weaknesses in the overall design: the strongest possible encryption is a waste of time if the user chooses an easily guessable encryption key. Modern solutions, such as Synology’s C2 Transfer, add extra security layers by calculating encryption based on the email of the sender, helping add additional complexity.
Identity check: When sharing confidential files, there is always a risk that the link is intercepted, or sent to the wrong email address for example. It is therefore essential that the solution “checks” that the person looking to access the link is authorised. To ensure this vital check does not come at the expense of the user experience, a unique One-Time-Password can ensure research files do not end up in the wrong hands.
Controlling who shares what: The minute we give students and staff the possibility to share data, we should expect that the wrong data will be shared with the wrong person. It is therefore essential that users can restrict file access. Ensure the file transfer solution lets users control the number of downloads allowed; ideally, a simple option to “download only once” will mean that after the intended person accesses the data, the link will expire. If an entire team of researchers needs to access the data, then it is vital that users can set an expiry date after which the link is inactive.
As essential as these features are, IT administrators cannot rely solely on the goodwill of users. This is where policies become useful, as they allow you to enforce that “whoever shares a file must set a number of downloads” or alternatively, “must set an expiry date”. Whatever the size of the organisation, you will want to set boundaries for more junior users and give more flexibility to senior members such as professors. It is therefore good to see whether the solution includes groups and policies.
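The identity check, download limit, expiry date and enforced policy described above can be sketched as follows. This is an added example, not code from C2 Transfer or any other product; all class, function and field names are hypothetical, and delivery of the one-time password to the recipient is assumed to happen out of band.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:                       # hypothetical per-group admin policy
    require_limit: bool = True      # sharer must set a download count or an expiry
    max_lifetime_s: int = 7 * 86400 # longest expiry this group may choose

@dataclass
class ShareLink:
    recipient: str
    max_downloads: Optional[int]
    expires_at: Optional[float]
    downloads: int = 0
    otp_hash: Optional[bytes] = None
    otp_tries: int = 0

def create_link(policy, recipient, now, max_downloads=None, lifetime_s=None):
    """Refuse to create a link that violates the group's policy."""
    if policy.require_limit and max_downloads is None and lifetime_s is None:
        raise ValueError("policy: set a number of downloads or an expiry date")
    if lifetime_s is not None and lifetime_s > policy.max_lifetime_s:
        raise ValueError("policy: expiry exceeds the group maximum")
    expires = now + lifetime_s if lifetime_s is not None else None
    return ShareLink(recipient, max_downloads, expires)

def issue_otp(link):
    """Create a 6-digit code for link.recipient; keep only its hash in memory."""
    code = f"{secrets.randbelow(10**6):06d}"
    link.otp_hash = hashlib.sha256(code.encode()).digest()
    link.otp_tries = 0
    return code

def download(link, code, now):
    """Return 'ok' or the refusal reason: expiry, then count, then OTP."""
    if link.expires_at is not None and now >= link.expires_at:
        return "expired"
    if link.max_downloads is not None and link.downloads >= link.max_downloads:
        return "limit reached"
    if link.otp_hash is None or link.otp_tries >= 3:   # no code issued, or locked out
        return "otp required"
    link.otp_tries += 1
    if not hmac.compare_digest(hashlib.sha256(code.encode()).digest(), link.otp_hash):
        return "bad otp"
    link.otp_hash = None            # one-time: the code cannot be replayed
    link.downloads += 1
    return "ok"
```

With `max_downloads=1` this gives the “download only once” behaviour: a forwarded or intercepted link is refused after the first successful download, even with a freshly issued code.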
Solid infrastructure & fast transfers: whilst this may sound more like a purely sales feature, it is vital that students and staff adopt your file transfer solution. Beyond a well-designed interface, the speed of upload and the time it takes the receiving party to download and access the files are absolutely critical to that adoption. The risk of going for a cheaper provider, who may have limited servers throughout the world and therefore slower speeds, is that users will revert to file transfer apps they may use personally, which are not integrated into the university’s infrastructure, over which you have no control or visibility, and which are potentially open to being hacked and your data being leaked.
This brings us to a last important consideration: a modern file transfer solution needs to integrate with the rest of the university’s setup. Convenience is a direct benefit but, more prosaically, tying the file transfer platform into the same account system will mean a lower risk of breach.
So, to all IT administrators in universities and research institutions: in this fast-evolving environment, it is imperative to anticipate the coming challenges, and to ensure that you can not only recover swiftly from a security breach, but avoid the breach altogether by ensuring users are interacting and sharing data on a modern and secure file transfer platform.