How you´re transferring data may not be as secure as you think

By - Tamara
01.07.21 10:45

How do you ensure that the files you share with other parties remain secure during and after the transfer? Without a doubt, transmitting files via any communication channel hurls the information into an abyss of potential risks, including interception and theft by cybercriminals. It helps to know how to secure files and data to ensure that your transfer is safe.  


This post explores some of the most common channels used to share files and data and the potential threats when sharing data with those methods. We also present some of the breaches that have happened using such channels and the best solution to prevent such incidents in the future. 

Most Common Channels Used to Share Files and Data

As James A. Martin of Computerworld writes, most file and data sharing services have evolved into full-blown collaboration platforms to meet the dynamic needs of users increasingly deploying file-sharing services. As of 2020, 3 in 4 people share files online. Currently, users have nearly endless options as far as data sharing goes. On top of acting as an exchange channel, a wide range of these services offer additional capabilities like cloud storage and data syncing across multiple devices. We discuss some of the services that individuals and businesses use to share information. 

Common Channels to Share Files and data
Common Channels to Share Files and Data

1. Email

An email service is the most basic service for sharing files and data quickly. Users are spoilt for choice with free emails, such as Gmail, Outlook, ProtonMail, HubSpot, Zoho Mail, Yahoo Mail, iCloud mail and many more. No matter what email service you use, you are bound to have employed it severally to share files with colleagues and friends. Up until now, people predominantly use an email service because it’s so easy – simply write your message and attach your files and hit send. Not only that, using email offers real-time data sharing capabilities. No matter which service is used there are file size limitations which have to be considered. 


Statista reports that in 2021, 4.03 billion people use email worldwide, a number that experts expect will grow as high as 4.8 billion by 2024. Based on the figures, no platform even comes close to the potential reach of email. The Radicati Group market research firm predicts that the total number of business and consumer emails sent and received per day will exceed 347 billion by year-end 2023.

2. WeTransfer

WeTransfer is a cloud-based online platform designed to allow users to transfer different files to other users. Unlike email services that are ostensibly slow when sharing large files, WeTransfer allows you to send large or heavy files. Having made a name in the game of quick and straightforward file-sharing, WeTransfer has grown into a collection of tools designed for and inspired by the vendor’s creative process. 


A 2020 survey by Nordlocker found that 10 percent of users deploy various file transfer services, such as WeTransfer, to share files.

3. Dropbox and Box

It is common to mention both Dropbox and Box together, as the two data transfer and storage services are frequently pitted against each other. Both vendors offer multiple plans for business and personal accounts. While Box offers two personal storage plans, the solution mainly targets enterprises, with features and user experience tailored to the CIO and IT department needs. On the other hand, Dropbox started as a consumer-facing product and gradually made its way into the workplace in the form of consumerized IT. 


It is essential to note that both services are upping their game while going full-throttle into cloud content management and enterprise collaboration by integrating with other third parties like G-Suite. 

4. Citrix ShareFile

Citrix ShareFile allows you to use any device to access your files securely, share data, and create time-saving workflows. With this service, employees can give real-time feedback, request approvals, co-edit, and even get legally binding e-signatures seamlessly in different environments. Additionally, ShareFile provides real-time tracking, making it easy to know exactly where things stand. 

5. Google Drive

Google Drive is a no-brainer for users firmly ensconced in the Google ecosystem. The service integrates with other Google apps, such as Gmail, Google Forms, Google Docs, and Google Sheets. Other third-party apps, such as Dropbox, Airtable, Trello, Facebook Lead Ads, Slack, YouTube, SoundCloud, and Calendly, can connect with Google Drive. This feature keeps all your files organized and up to date enabling you to share files and update documents with other users. Some 35 percent of respondents in the 2020 Nordlocker survey revealed that they use cloud services like google Drive to share files.

6. Microsoft OneDrive

As is the case in Google Drive, Microsoft OneDrive integrates smoothly with other Microsoft products like Office 365 and mobile apps, offering real-time collaboration in Microsoft Office documents. Users can save their files to OneDrive and access, share, or edit them from any device, anywhere. Besides, multiple users can collaborate in real-time using OneDrive. 

Likely Threats When Sharing Data with These Channels

Employees often download, install and use file transfer services that present various security, governance, and control challenges. Most file-sharing services are, in principle, completely insecure ways of data sharing, which could expose your business to a myriad of far-reaching security threats. Hackers can exploit such threats to steal sensitive information, resulting in reputation damage, high incident response costs, lost customers, reduced revenues, and regulatory compliance penalties. 


Most of the file-sharing products reviewed in this post promise that their services are reliable and secure. However, a wide range of cloud-based business and consumer-grade file-sharing solutions introduce different risks, such as the ones discussed below:

1. Susceptibility to Attacks

Emails and other data sharing services may ask you to open specific ports on your firewall to transmit files. Doing so is as good as giving the attackers access to your network or enabling them to identify and exploit vulnerabilities existing in data sharing applications. There are multiple ways in which cyber criminals abuse the convenience of data sharing apps in your cyber landscape. They are aiming for the convenience of these services for credential harvesting and distributing malicious files and links.  


On their own, emails are neither encrypted nor authenticated in any manner. This fact means that the file-sharing services grant access to people beyond the sender and the recipient. Meanwhile, thirty-two percent of US users and 20 percent of UK users have clicked on a link in a scam email, with 8 percent of the victims experiencing a ransomware attack that blocked all their files. 

2. Loss of Control over Data

A common drawback of most file-sharing options is that users lose control over their data. Using file-sharing apps, including email services, takes sensitive information outside a company’s IT scope, which means that the data is out of your security control. Businesses have run into security breaches because of using these file-sharing tools on work devices. 

3. Low Visibility on Data Flows

Most file-sharing services outside your IT environment scope hinder complete visibility into confidential data exchanges. Without visibility into data flows, security and IT personnel cannot adequately track or secure information entering or leaving the company. In turn, such poor transparency inhibits your security and compliance efforts and raises risks of cyber threats and non-compliance with internal policies and external regulations.

 

In an embarrassing security incident of June 2019, file-sharing service WeTransfer sent users’ files to the wrong inboxes for at least a full day. Worse still, the company admitted it could not figure out what happened. One of the victims in the incident speculated that WeTransfer may have been hacked.

Twitter-Statement after WeTransfer security incident in 2019

4. Installation of Malware

When you use peer to peer file-sharing application, it is difficult, if not impossible, to verify that the source of the service is trustworthy. Hackers often use such apps to transmit malicious code and to incorporate spyware, viruses, worms, and trojan horses into the files.


The Hacker News in 2020 posted that a Google Drive feature could let attackers trick you into installing malware. Hackers could exploit an unpatched security weakness in the service to distribute malicious files disguised as legitimate documents or images. The flaw could allow criminals to perform spear-phishing attacks comparatively with a high success rate. Similar incidents could affect file-sharing apps in the future.  

Sharing Data and Files Securely

What steps can you take to prevent threats against data and files during and after transfer? How can businesses prioritize data security in times of industrial espionage, organized cyberattacks, viruses, social engineering, and other digital threats? 


As Paul Kubler, a Cybersecurity and Digital Forensic Examiner at LIFARS LLC, states, “Companies need to find secure alternatives for their employees to share documents that they can deploy at the enterprise level. Without this, employees may use a plethora of free vendors, have numerous accounts, and none are being audited or monitored.” Secure file-sharing services allow users to share data between different entities within a protected mode that prevents intruders and unauthorized users from accessing the data.


However, the situation becomes critical when data is exchanged across national borders, such as between European countries and the USA. At the initiative of data protection activist Max Schrems, both the Safe Harbor agreement and its successor, the Privacy Shield, were overturned. This largely removed the legal foundation for commercial data transfers to the USA. According to the ECJ (EuropeanCourt of Justice), there is no comparable level of data protection in the USA as in the EU. The U.S. Cloud Act in particular is viewed critically, as it grants the U.S. intelligence services extensive rights to access companies' data.

The way out for some cloud providers is to introduce so-called "data borders" to offer customers the supposed security of having their data processed and stored exclusively in the European Union. All the same, the cloud providers remain responsible for the cloud data. Companies from U.S. states are therefore still subject to U.S. jurisdiction. However, the right of access for US national security services can be technically circumvented if the customers themselves effectively protect their cloud data and take control of the encryption themselves. This is possible with MyPrivacy SafeSpace.


MyPrivacy SafeSpace is a comprehensive Cyber Security solution to exchange documents and data with third parties where special compliance requirements apply. Based on patented cryptographic technology and mathematical proofs MyPrivacy redefines state-of-the-art IT Security.  The solution provides a set of tools to prohibit unauthorized access, manipulation of data in transit or at rest. Some highlights how MyPrivacy ensures data sovereignty and high end security are listed below.

  • Metadata Obfuscation & User Anonymity - at a time when even metadata and know-how about relationships between users can reveal sensitive information, unauthorized third parties (service providers) must not be given access to this data under any circumstances.
  • Multi-cloud-approachMyPrivacy is based on the latest technologies that allow the product to work with any cloud services, such as Microsoft Azure, Amazon AWS, Google Cloud or others.

  • Personalisation and traceability - wherever tracing of downloaded documents is relevant - watermarking, digital signature and steganography allow visible or invisible personalisation of the documents to the recipient. It replaces trust with control.   

  • End-to-end encryption – as soon as the user saves a file, it is encrypted on his device and securely transferred to the storage. This feature guarantees that only the data owner or authorized share partner can access the data, effectively maintaining its secrecy.


Learn how MyPrivacy protects your company’s sensitive data and liability beyond blockchain and cryptography. Book your MyPrivacy demo now, and an expert will contact you shortly to schedule a convenient time with you.