Secure File Transfer: Debunking 3 Myths

4 min read
File Transfer Myths

File Transfer Myths

Nowadays people are sharing increasing amounts of data, but sometimes resort to methods that are neither secure, nor compliant with data protection policies. And mistakes with file sharing happen regularly which can lead to costly data leaks. Take for example Heathrow airport. A few years ago an employee misplaced a USB drive containing some personal information on passengers and other staff, and the drive was also not encrypted or password protected. There were some reports at the time that the files on the drive included the Queen's security and travel itinerary, but this was not confirmed. It was ultimately discovered by a member of the public and given to a media outlet. This seemingly innocent mistake resulted in a fine of £120,000 from the Information Commissioner’s Office (ICO) and may have had national security implications.

Why do these kinds of incidents continue to make headlines in the news? Why are organizations sharing files unsecured? Do they not know better, or are they sincerely presuming their method is the safest way? In this post we break down 3 myths about file transfer, so that you can share information securely.

Myth 1: Using an encrypted USB flash drive is safe

Since the inception of the GDPR, organisations must report data leak incidents promptly and throughly to their respective national authorities. The default example of a severe data leak is a lost USB flash drive. Anyone who receives the USB flash drive can potentially access the data. Now, this can be frustrating when the drive contains holiday pictures, but that's not the end of the world. If this USB flash drive contains sensitive information about tenants, patients, or citizens, that’s when you’ve got a real problem. But encryption, that helps right? Not 100%. Anyone who has access to the USB flash drive has access to the encrypted data. There is no way to determine whether unauthorized persons have accessed and copied the data to their own disk to crack the encryption, for example. The encrypting method makes slightly or even much harder to gain access to the data, but it doesn't make it impossible. Having encryption alone is not enough. Access restriction and logging are indispensable for optimal security, and that’s challenging with a USB flash drive.

Myth 2: My sensitive data remains secret when I use free file transfer.

To many, a USB flash drive is considered old-tech now. The Internet offers excellent services such as 4shared, which also make it possible to securely transfer (large) files from A to B, doesn’t it? You are right, it does. However, the question then becomes whether free online file transfer services are safer or better than using a USB stick. For several reasons:

  1. Commercial purposes: The reason these services are predominantly free is that you pay in a different way: with your privacy, or by viewing advertisements tailored to internet behavior by these services or third parties by using so-called cookies. This does not happen with a USB flash drive.

  2. Big brother might be watching: Is the data stored in America? If so, the files are subject to the US legal system. This means that, under the guise of the Patriot Act and the fight against terrorism, the authorities are allowed to see all files. This also applies to services such as WhatsApp or Dropbox. Here too, the question applies: would you prefer a USB flash drive?

  3. No protection against human error: More than 50% of the data leaks are caused by human error, such as addressing to a wrong recipient or attaching the wrong file. Existing services do not provide protection against this type of data leak. In fact, for most services, anyone who has access to the mail with the download link, has direct access to all files. The protection against unauthorized access is similar to that of a USB flash drive, because encryption or repairing the error is impossible. Access really means access.

Myth 3: Sharing sensitive data securely is difficult and costly.

The main reason for the use of USB flash drives and free online service is the ease of use. USB flash drives are always available and a service such as WeTransfer or Dropbox is easy to use. And when something is easy, we all are happy to use it. This implies that most professionals assume that safer solutions are too complex by definition. This may have been true in the past, but this myth now also has been debunked. With Zivver, you can safely send large files (up to 5TB!) from Outlook. No more workaround needed, and still safe. Don’t you use Outlook? Then use the Web App or the mobile app. Within a minute, you will be 'up and running'. And the best thing is: recipients don't need an account or app. It's that simple. 

What makes Zivver secure file sharing safe? 

  • Zivver stores the data encrypted. We cannot view the content of the messages that has been sent or received. Private really is private. 

  • Because all our ISO27001 certified data centers are within the EEA and not in America. 

  • Because we not only encrypt messages and files but also perform an extra check to make sure it really is the intended recipient requesting access. Only the person or people you want to give access will get it. 

  • Because we also check whether you are sending the correct file to the correct recipient. This is how we protect you from an error before you make it. That means no penalty and no need to make amends with a bouquet. 

  • Because we contractually agree with you that we do not use any of your data for other purposes, that we do not transmit data to third parties, and that we also do not work with third-party commercial cookies. No advertising, either targeted or unfocused. 

Convinced? Don't throw your old USB flash drive out just like that! Erase them with special software, or have them destroyed by a specialized company. Are you cancelling your use of an online service? If so, follow their instructions to remove as much of your information as possible.  European legislation really supports you and your rights when it comes to personal data. Make sure to use this.

Zivver has put together a detailed information page regarding secure email and file sharing. You can read more on this integrated solution here.

 

Written by

Renato Zamagna

Originally published on October 22, 2019

Last update on July 26, 2021