In 2018, it was estimated that more than 20 million people share files each day across a variety of platforms. Since the rise of remote work, that number has only skyrocketed. Every time your business shares a file internally, with a business partner, or to the public, the risk of that data falling into the wrong hands increases. Data in motion – data that is sent to and from computer systems, such as from the desktop to the cloud, or between mobile devices – is when data is most vulnerable to hackers. Secure data transfer should be a top priority for all IT teams. Here’s what to look for in a secure data transfer tool, some types of data transfer techniques, as well as some of the best tools out there to keep your data safe.
What to look for in a data transfer tool
Secure data transfer requires more than just a simple upload and send functionality. The process of transferring data securely requires three variables:
- Encrypt the data in motion
- Secure (and encrypt) the data at rest (e.g., once the transfer is complete)
- Require authentication from both the sender and receiver to verify the identities of parties and their permission to access the data being transferred.
Therefore, the overall process of secure data transfer requires a tool that’s encrypted – plus protected data storage location and a way to authenticate both parties involved in the transfer. Each of these elements must be user-friendly such that a non-IT employee easily use your data security software. If the tool is too technical for most users, it’s unlikely that they’ll follow the proper protocol to ensure it is kept safe.
Types of file transfer tools
One of the most common ways we transfer data is by sharing files over the internet. The security measure you choose to protect your files will depend on the type of file being transferred as well as who is receiving the information. There are five main types of file transfer tools:
- File Transfer Protocol (FTP): FTP transfer uses a command prompt window or a tool with a user interface. The sender specifies the file and the destination to where it will be sent. This transfer method typically works best with large files that are already public; FTP has no built-in security features, meaning you need an additional tool to make FTP transfers secure.
- Peer-to-peer (P2P): In a P2P transfer, an individual connects to a small network of peers and sends a file through the network connection. This type of file transfer is ideal for sharing files with a small group of people, privately – as long as your organization has strong network security.
- Cloud services: Cloud file-sharing employs a third party to allow a sender to upload data into a central repository – which can then be accessed by other users to download the file to their own device. Dropbox, Google Drive, and iCloud are examples of cloud file sharing.
- Email: Every time you attach a file to an email, you’re using your inbox to share data. Email is among the least secure ways to share data. “While protocols such as FTP normally only transfer data between two computers, [email] often sends data through several machines before it ends up in the recipient's email inbox,” explained Indiana University.
- Physical device: A USB thumb drive or external hard drive can be used to transfer files from one device to another, but this method of data transfer is inconvenient and not user-friendly.
Generally speaking, transferring files through the web or email requires an extra layer of security to ensure data is kept safe while in transit. As such, FTP and email are secondary solutions to P2P transfer (provided your network and perimeter security are strong) or cloud services.
Best tools for secure data transfer
These are user-friendly, affordable, and can help your organization keep personally identifiable information safe from hackers.
Box is a cloud-based file-sharing system that integrates easily with G Suite, Office 365, Adobe Sign, and Salesforce. Box offers strong user authentication features and secures every file using AES 256-bit encryption. Box can also be configured to meet industry-specific regulations, such as FINRA and GxP, data residency requirements, or GDPR.
Tresorit is a device-friendly data transfer option because this platform encrypts data on the user’s device. This means that only those who know the data can share files with one another. Tresorit is HIPAA-compliant and regularly conducts vulnerability tests – challenging 1,000 hackers to try to steal data in one recent stress test.
This cloud-based option is already extremely popular, and for good reason. Google Drive is very user-friendly and integrates seamlessly with Gmail and other Google products. Plus, users get 15GB of storage for free.
WeTransfer is a free, simple, fast way to send files securely. Upload your file and then add a recipient’s email address or select the option to create a one-time link that other people can access. WeTransfer allows you to set password protection and custom expiration dates on transfers to ensure data doesn’t accidentally leak over time.
Data transfer doesn’t just happen between platforms – it often happens inside a tool like Slack or Google Drive, where users may think sharing PII is completely safe. These platforms have their own Data Loss Prevention (DLP) security protocols, but not all of them are designed to alert your team when sensitive data is shared or used inappropriately. Slack, for instance, does not monitor message content – which is where most security threats originate. Nightfall integrates with Slack and Google Drive to identify, classify, and protect the data you need to keep secure. Nightfall is equipped to detect 100+ types of sensitive data: everything from addresses, names, and passwords to credit card numbers, protected health information (PHI) and other PII. Nightfall will alert your team if data is shared inappropriately and provides remediation options such as deleting or quarantining the detected data. To learn more about Nightfall, schedule a demo below.