External file transfers – do they need to be risky business?

Written by Nicole Lin, MD of Synology UK

Hybrid working, although a recently evolved model of working, is here to stay for the foreseeable future. And, whilst some business owners debate the longevity of this model it does make sense for SMEs to ensure their cyber security processes are suitable for this new way of working. There are many benefits to hybrid working which smaller businesses are best placed to capitalise on, but there is also an increase in risk too.

Whilst setting-up and maintaining secure IT systems should be straight forward for SMEs, the plethora of options combined with the exponential rate of growth in IT services has made this a minefield for many business owners. Everyday tasks, such as sending files to external partners, suppliers, and clients should be simple and yet too often this is where many firms fail at the first hurdle.

We know that external file transfers create a security challenge, but the movement of sensitive data to external end users is also a core operational process for every business, including SMEs. So how can SMEs minimise risks when it comes to file transfers?

Today there are several on-premises storage solutions already in place including Synology’s C2 Transfer, which were created to empower businesses and home-users to solve their data management challenges. These challenges typically involve connecting remote teams, enabling file sharing and collaboration between people.

But until recently the last part of the puzzle had not been fully addressed for SMEs. Namely, how can teams securely send out important and potentially sensitive files to clients, partners, and suppliers without exposing the business to risk?

Identity verification and end-to-end encryption

We know that most file collaboration solutions, including cloud or on-premises solutions, protect data through permission management and audits of individual account activity. However, deliverables still have to be sent to external parties that do not have accounts.

In an ideal world for SMEs, the transfer of sensitive data should remain simple for all parties involved whilst ensuring that files are always delivered to the right person, even if a link is accidentally published or shared with the wrong person. The approach we recommend to ensure files are transferred safely is, to verify identities by sending a one-time password (OTP) to a sender-specified address or phone number to ensure that only the intended recipient can access the files.

Business interruption caused by supply chain issues has recently hit the headlines again, yet cyber security, IT failure and data breaches still remain a top concern in 2021 for UK small businesses according to the Allianz Risk Barometer.1 The pandemic fundamentally changed the working model for many organisations and this fuelled concerns around cyber security for a variety of reasons. It’s important to remember that businesses, especially SMEs who have the ability to be agile and respond quickly to change, can help employees to reduce the likelihood of cyber-attacks, data breaches and IT failure.

Five key areas for UK SMEs to address are:

  1. Adopt and deploy identity verification and end-to-end encryption when transferring files to clients, partners, and suppliers to reduce risk to the business
  2. Encourage the use of strong passwords, and have a clear and robust process for reporting a security breach
  3. Enable two-factor authentication methods and the use of one-time passwords (OTPs) to ensure only the idented recipients have access to data you share outside the company
  4. Ensure security settings such as watermarks and number of downloads before link expiration are enabled to be able to audit and track when security breaches occur
  5. Roll-out a training and awareness programme to all staff so that they fully understand best practice when it comes to preventing cyber-attacks, data breaches and IT failure.

As we emerge into new business models and ways of working in a post Covid world, understand and managing risk within a business remains important. Whilst risk management has always been an element of running a successful SME, the landscape of risk has fundamentally changed.

Understanding what this new landscape looks like, as well as the solutions available to small businesses in the UK will help business owners and senior leadership teams to navigate a safe way through. It is unlikely that we can eliminate all risk to business, but what we can do is equip you with the knowledge to prevent and significantly reduce risk.