MPEG. PDF. DOC. or JPEG. – in a digitized world, data transfers and sharing files are as normal as changing socks. For private use, it might not be a big deal which provider one decides on. As for a business, however, the risks are greater. The wrong provider can jeopardize the security of confidential material! In a world where 70% of UK firms will allow their employees to work remotely (Statistics: Charity Digital News/Sage), transferring files over cloud services is a great way to stay connected with other remote workers. However, there are concerns businesses should have regarding the provider their employees choose to work on. Though it is reducing cost, using free software for storing and sharing confidential documents is not the best way to go in terms of data protection. The user is often not informed where exactly their data will be physically stored, and there’s a risk of data theft due to vulnerability in other files on the same platform. The security risks taken when using a free, non-certified solution to transfer documents can also be hidden behind a branded name. Dropbox, Google Drive, and Yahoo's cloud are just some of these. A couple of years ago, the commonly known cloud provider Dropbox was exposed to a cyber-attack. It resulted in the leakage of 68 million user accounts and their information. This type of breach has also been the case for Yahoo and Google, which both have their cloud services frequently used for business purposes.
The security risks of free softwareIt's easy to think that because a provider is popular, it is using encrypted data transfer and therefore is a safe solution. That is not always true either. There are still occasions where data can be subject to unauthorized access. The explanation according to the Information Commissioner’s Office (ICO) is that metadata isn’t always encrypted, depending on the web host or software. Some cloud storage providers are not even as safe as they are portrayed to be. Sometimes passwords or encryptions are only put in place to ease the user's mind, but very easy for hackers to get through.
What to consider when choosing a certified or non-certified providerSome of the non-certified providers do offer a simple type of encryption or authentication giving a false sense of security. Though they still can’t promise to keep the data safe. When sharing, identity assurance and password protection are not enough as the MITC-hackers can get through it. There also needs to be a valid server certificate in use to ensure that the provider is secure and will withstand cyber-attacks. With an uncertified solution, no one can account for where the information goes through, or where it is being stored. With a certified solution, depending on the provider, one can trust that the documents are kept safe. Here are some of the important points to think (and ask!) about before choosing which provider will store and share your files:
- Make sure all data is accounted for
- Price is not a guarantee
- Where are the servers allocated?
published on 2018/02/03