MPEG, PDF, DOC, or JPEG: in a digitized world, transferring data and sharing files is as normal as changing socks. For private use, it might not be a big deal which provider one decides on. For a business, however, the risks are greater. The wrong provider can jeopardize the security of confidential material!
In a world where 70% of UK firms will allow their employees to work remotely (Statistics: Charity Digital News/Sage), transferring files over cloud services is a great way to stay connected with other remote workers. However, businesses should be concerned about which provider their employees choose to work with.
Although it reduces cost, using free software for storing and sharing confidential documents is not the best way to go in terms of data protection. The user is often not informed where exactly their data will be physically stored, and there's a risk of data theft due to vulnerabilities in other files on the same platform. The security risks of using a free, non-certified solution to transfer documents can also be hidden behind a well-known brand name. Dropbox, Google Drive, and Yahoo's cloud are just some of these. A couple of years ago, the commonly known cloud provider Dropbox was exposed to a cyber-attack. It resulted in the leakage of 68 million user accounts and their information. This type of breach has also been the case for Yahoo and Google, both of which have cloud services frequently used for business purposes.
The security risks of free software
It's easy to think that because a provider is popular, it uses encrypted data transfer and is therefore a safe solution. That is not always true. There are still occasions where data can be subject to unauthorized access. The explanation, according to the Information Commissioner's Office (ICO), is that metadata isn't always encrypted, depending on the web host or software. Some cloud storage providers are not even as safe as they are portrayed to be. Sometimes passwords or encryption are only put in place to ease the user's mind, and are very easy for hackers to get through.
What to consider when choosing a certified or non-certified provider
Some of the non-certified providers do offer a simple type of encryption or authentication, which gives a false sense of security, but they still can't promise to keep the data safe. When sharing, identity assurance and password protection are not enough, as MITC hackers can get through them. There also needs to be a valid server certificate in use to ensure that the provider is secure and will withstand cyber-attacks.
With an uncertified solution, no one can account for where the information passes through or where it is being stored. With a certified solution, depending on the provider, one can trust that the documents are kept safe.
Here are some of the important points to think (and ask!) about before choosing which provider will store and share your files:
- Make sure all data is accounted for
If a provider only covers the document security but not the metadata, then the security is not strong enough. Be sure to ask these questions before choosing to go with a solution.
- Price is not a guarantee
When paying for a service, there's normally an assumption that it will guarantee the most secure solution possible. Unfortunately, that is not always the case. The encryption used by the software can be a good indicator of whether a solution is safe or not. AES-256 is the most frequently used form of the Advanced Encryption Standard today, and it is the most secure encryption algorithm on the market.
- Where are the servers located?
All might be fine and dandy with the security of a provider. However, if your provider has its servers in the US, they fall under the Freedom Act. Documents are not necessarily unsafe when stored in the USA, but they can then be subject to governmental control and end up in the hands of others anyway.