Ways to Stay Secure When using File Sharing

July 26, 2017 by Infosec Institute

When sharing small files over the Internet, you can always attach them to an email but, when the file is large, it may not be possible to send it via email. Most email servers have a limit on the email size, so you need a more robust mechanism for sharing files across the internet.

Fortunately, you have several alternatives to choose from. But every alternative comes with its own security risks. Before we move on to discuss the risks and how to avoid them, we need to know what file sharing is, what the various ways of sharing files are, and how they work.

What Is File Sharing?

According to Techopedia, “File sharing is the practice of sharing or offering access to digital information or resources, including documents, multimedia (audio/video), graphics, computer programs, images and e-books. It is the private or public distribution of data or resources in a network with different levels of sharing privileges.”

Types of File Sharing

Several methods can be used for file sharing. Some of the most common techniques for storing and distributing files include:

  • Removable storage media
  • File transfer protocol (FTP) programs
  • Peer-to-peer networks
  • Online storage websites or file hosting services

Removable Storage Media

These include removable storage devices such as optical discs, memory sticks, memory cards, removable hard disks, etc. A user can transfer files from their computer system to the removable media and physically hand it over to the user with whom they want to share the files. The receiver can then connect the device to their computer system and transfer the files.

File Transfer Protocol (FTP) Programs

Though an old one, FTP is still a useful method for sharing files on the Internet. It works by making available all the files that need to be shared on an FTP server. Remote computers that want to access those shared files run FTP client software and log in to the server. All modern web browsers and operating systems come with built-in FTP client software. The FTP server can be set up for security access and can ask for a valid login and password from clients before allowing them to access it.

Peer-to-Peer Networks

Peer-to-peer (P2P) file sharing is one of the most popular methods of file sharing, particularly for music and videos. Files are shared with the help of peer-to-peer software and users can directly access and download the files. The “peers” in this file sharing method are computer users connected via the Internet. Unlike FTP, most P2P systems do not use central servers; rather, every computer in the network functions both as a server and a client. Instant messaging (IM) services such as Skype are also a type of P2P network that supports file sharing between two or more users. BitTorrent and uTorrent are examples of peer-to-peer software.

Online Storage Websites/File Hosting Services

These are web services built for storing data on the internet, either for personal use or to give other users access. Some of the well-known solutions are Dropbox and Google Drive. A member can upload photos, documents, etc. with the help of a web browser or app and can allow others to download copies of those files using the same program. These services also let users make files available for download via blogs, forums, email, web links, etc. Email can only carry a small amount of data. Web links work by letting users upload files to a website, which stores them on its servers. The user can then share the link with others, who can click it to download the file directly.

Is File Sharing Secure?

Now that we know we have a number of options for file sharing to choose from, the question is: How secure are they? When thinking of file sharing, security always comes along because, in today’s connected world, the two terms are inseparable.

Because the actual source of an online file is very hard to ascertain, you can never be sure that the file you are receiving will be the one you want or that it will be malware-free. Moreover, much of the content available, especially on P2P networks, is copyrighted material and is not intended for legal distribution. Downloading such a file could expose the sender to legal action.

Hackers attack file sharing applications by infecting files with malware and then getting users to install those infected files on their systems. Downloading such content invites security risks and can result in a number of security breaches, unless you have strong security safeguards in place. Some file sharing interfaces expose a user’s computer directory without their knowledge, and thus allow hackers to see even information that you did not intend to share.

Some file sharing apps request open ports on a user’s firewall. Since firewalls stop attackers from viewing your communication, breaking this barrier for successful downloading of files will also put your computer system at risk.

Removable storage media can be connected to one computer system or another, and may catch malware from an infected system. Similarly, FTP does not provide encryption for data transfer. Transferring official files over FTP can leave your data exposed to a number of security attacks such as a brute force attack or packet sniffing.

File hosting services can pose their own security risks. Users who are not vigilant may place sensitive data in publicly accessible folders. It is also possible that users may “accidentally” move sensitive files to locations that are synchronized automatically with publicly accessible external locations without being aware of doing so.

All file sharing options come with their own security risks, and ignoring them can compromise your critical personal or financial information. But if you are careful and choose your approach wisely, you can avert the risks.

How to Stay Secure When Sharing Files?

In a world that is filled with cyber-threats, how do we ensure our safety when sharing files online? Below are some steps that you can take when sharing data to stay safe.

Create Strong Passwords

According to a report by Keeper, a password management company, “123456” remains the most commonly used password throughout the world in 2016. According to Verizon’s annual Data Breach Investigations Report last year, 63% of confirmed data breaches were due to weak or default passwords.

Keeping a strong password is the first step in reducing the chances of data theft. To keep your online accounts as secure as possible, your passwords must:

  • be at least eight characters long.
  • include a combination of numbers, upper and lower case letters and symbols.
  • not be a dictionary word.

Also make use of two-factor authentication, also known as 2FA, to add another layer of security to your account whenever you are given the option. Better still, if a platform does not offer 2FA, choose one that does.
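The three password rules above can be checked in code. The following is an added example, not part of the original article: it also shows why the dictionary rule matters, since a password such as "P@ssw0rd1!" satisfies the length and character rules while still being a dictionary word in disguise. The word list and substitution table are small constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample word list; a real check would load a full dictionary
# or a list of known breached passwords.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine", "letmein"}

# Common character substitutions that are undone before the lookup (assumed set).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def dictionary_core(password):
    """Return the dictionary word the password is built on, or None."""
    lowered = password.lower()
    # Drop digits and symbols added at either end ("Dragon2016!" -> "dragon").
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Undo substitutions as well ("p@ssw0rd" -> "password").
    candidates = (lowered, stripped,
                  stripped.translate(LEET), lowered.translate(LEET))
    for candidate in candidates:
        if candidate in SAMPLE_WORDS:
            return candidate
    return None


def check_password(password):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "a number": r"[0-9]",
        "an upper case letter": r"[A-Z]",
        "a lower case letter": r"[a-z]",
        "a symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("missing " + name)
    word = dictionary_core(password)
    if word:
        problems.append("based on dictionary word '" + word + "'")
    return problems
```
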

Keep Your Security Software Updated

Ensure full protection of your system by keeping your anti-malware software up and running. Before downloading, check that your firewall is enabled. If a P2P program asks you to disable your firewall, it may not be a legitimate P2P program.

Insist Upon Encryption

Many people carelessly send files through unencrypted channels without realizing the risks involved. If you are sending sensitive information to an authorized party and want your information to be completely safe, always use a medium that offers encryption. Using encryption will scramble the information and make it unreadable to eavesdroppers unless they have the key to decrypt it.

Files on removable media can be encrypted with a number of tools, such as self-encrypting USB drives, which embed algorithms on the hard drive and eliminate the need for installing software; full disk encryption software, which encrypts storage media that are otherwise unprotected, such as CDs and DVDs; or file encryption software that encrypts particular files on the storage device.

The most common and easiest way to implement a solution for P2P and file hosting services is HTTPS, which is a protocol encrypted by security algorithms such as RSA, Kerberos, and ECDH. The encrypted data is sent via the secure protocol to the receiver for decryption. This transportation happens over security protocols such as secure sockets layer (SSL) and transport layer security (TLS).

Don’t Download Files when in Doubt

While you need to protect your information when sending it to friends or coworkers, you also need to keep yourself protected from files that are sent to you. Hence, it is important to download files only from trusted sources or after verifying an unknown source. If still in doubt, leave it out. According to the 2016 State of the Phish Report by Wombat Security, 85 percent of organizations experienced phishing attacks in the year 2015, and the number and sophistication level of the attacks have been going up with every passing year.

Use Secure Services

Ensure the security of software before you download it. When considering the installation of a new program, ask yourself the following questions:

  • Does the vendor encrypt files when they are being sent?
  • Does it have any data breach history?
  • Is it using a secure file transfer protocol?
  • Is it offering multi-factor authentication?
  • How does it rate on online website reviews?

Do Not Upload Copyrighted Material

So you got yourself a digital copy of the latest movie and want to share it for free with the rest of the world? Do not do that. Uploading copyrighted material can land you in some serious legal trouble.

Check all Details When Installing a P2P Program

When installing a file from a shared network, always clarify what folders on your system will be made public in order to avoid exposing your private data. Also, closing a software window will not end your connection to the network and your shared files could still be accessed by users, which in turn can increase your security risks. Always close the program when not in use.
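Before a folder is made public by a P2P client or synchronized to a file hosting service, its contents can be reviewed for files that should not leave the machine. The following is an added example, not part of the original article; the file name and content patterns are assumptions to adapt to your own data, and the function name is hypothetical.

```python
import os
import re

# Assumed indicators of sensitive files; tune these for your own data.
SENSITIVE_NAMES = re.compile(
    r"(^id_(rsa|ed25519)$|\.(pem|key|kdbx|pfx)$|^\.env$|passwords?)",
    re.IGNORECASE,
)
SENSITIVE_CONTENT = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")


def audit_shared_folder(root, max_bytes=64 * 1024):
    """Walk a folder that is (or will be) shared and list risky files.

    Returns sorted (relative_path, reason) tuples. Subfolders and hidden
    files are included, since they are part of what gets shared.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # A link may point at data outside the shared tree.
                findings.append((rel, "symbolic link, target not checked"))
                continue
            if SENSITIVE_NAMES.search(name):
                findings.append((rel, "sensitive-looking name"))
                continue
            try:
                # Only the start of each file is inspected, to keep the scan fast.
                with open(full, "rb") as handle:
                    head = handle.read(max_bytes)
            except OSError:
                findings.append((rel, "unreadable, review manually"))
                continue
            if SENSITIVE_CONTENT.search(head):
                findings.append((rel, "contains a private key"))
    return sorted(findings)
```

An empty result means none of the assumed patterns matched, not that the folder is safe to share; the list of what is public still needs a manual look.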

Follow Secure Email Practices

Phishing scams through emails are very common and have resulted in some serious data breaches in the past. If you are not sure about the sender of an email, never open an attachment. Even if you are sure of the source, always scan the file with your anti-malware program before opening it. It may happen that the source is reliable but they themselves may not know that the file is infected. Also, set your anti-malware software to automatically scan all incoming and outgoing emails.

Take Precaution with Portable Storage Media

Never connect any portable storage device to your computer if you are not sure of its origin. When connected, always scan the device with your anti-virus or anti-spyware before opening the folder.
