Cyber security compliance: How to safely share files


Should we be sharing files via email?

Reducing cyber breach risks in your business

Sending information by email is never really secure, even over an HTTPS connection. Not all email providers offer an encrypted way to send messages.

Unless the files themselves are encrypted, such as by using a password-protected PDF, there is no guarantee that the intended recipient will be the only one to see the message.

A more secure way to share files online is by uploading the file to a cloud server such as OneDrive or Google Drive, then sharing the link.

Email attachments vs share links:

Email attachments 👎 | Share links 👍
Limited to about 10 MB | Can handle 1 GB or more
No security features | Can be password protected
Spam filters can block genuine attachments | Links aren’t caught by spam filters
Can take up precious storage space | Stored on the cloud, so no storage space needed
Don’t know who else accessed it | Track all opens and downloads
Attachments never expire | Expiration or destruction dates can be set
Mistakes can’t be corrected without re-sending | The information can be updated at any time
Can’t be recalled if sent in error | Link access can easily be revoked

Sharing files using a removable device

Sharing files by using a removable storage device like a USB stick or flash drive can be a bit more secure than email. It involves directly copying or moving the files onto the removable storage device and then physically transmitting it to the recipient.

However, USB storage devices are small and can easily get lost or stolen. Extra care must therefore be taken when sharing sensitive files via a removable device.

Do’s and don’ts for devices

Never

❌ plug an unknown flash drive into your computer

❌ use the same flash drive for work and personal files

❌ purchase a flash drive from a non-reputable seller

Always

✔️ use a password-protected or encrypted flash drive

✔️ keep it in a safe and secure location

✔️ report a lost or stolen flash drive 

File sharing by printing

If you are printing information to physically hand or send to someone, be aware that it comes with cyber security risks.

Possible risks include:

  • Data being sent to a printer over an unsecured network
  • The printer storing data on an unencrypted hard drive during the printing process
  • Sensitive data being sent to the wrong printer
  • The documents ending up in the wrong hands
  • Printers themselves being vulnerable to hacking

Cyber security is not the only thing to be aware of when printing. Not being cautious when using printers can also result in data protection breaches. Leaving personal information for others to find, not properly shredding used data, and even not using the latest secure printing technologies could result in a GDPR breach. This is because data protection law requires all proper technical measures to be taken to protect personal information.

Additional resources on printer-related cyber security risks:

VinciWorks’ Phishing Challenges

VinciWorks’ Phishing Challenges present a series of emails, with users having to identify the red flags in each one. These phishing simulations enable users to identify high risk employees and produce a report with each employee’s phishing risk score. Businesses can create their own industry and role-specific phishing challenges. A new phishing challenge is released regularly to reflect the latest threats.


How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.


