NEED TO KNOW NEWSLETTER        AUGUST 2025

File sharing basics

The days of paper files are gone. Our information is either online or stored on our localized devices. In the context of remote work, hybrid work environments, and working with contracted vendors, data transfer is an essential process. And with that, we need to ensure that our files are secured while they are stored and in transit.

Secure file sharing

Secure file sharing is when different users or organizations protect the transfer of files. This is primarily done by restricting access to the files, and ensuring the data is encrypted during transit and while at rest.

Some file-sharing methods are more secure than others. A few of the most common methods are storing files on a file server or using web-based cloud storage with shareable links. In both cases, permissions for the document can be controlled by the document owner.

To protect files both at rest and in transit, encryption is essential. It secures data by converting it into an unreadable format, accessible only to authorized users who can restore it to its original form.

File sharing risks and responsibilities

Organizations try their best to control and secure their information. To help your organization keep data secure, follow all policies and procedures.

One way to do that is to only use organization-approved services. If you were to download your own file transfer tool, it is out of IT’s control, meaning updates may not be applied and security issues may be unknown.

Avoid using removable media, if possible. USB devices are easy to use, but also easy to hide malware. It is best practice to only trust a removable media device from sources known to you.

If you find a discarded or lost USB drive, report it and hand it over to your IT department or your manager to safely access whatever information is on it. Never plug it into your computer.

Cloud storage is useful, but it is a target for hackers. To protect your information, know who you're granting access to and what type of access. Many providers offer edit, read-only, or comment access. Ensure you understand the differences and choose appropriately.

Data Classification

Data classification is a critical process within an organization that involves categorizing data based on its level of sensitivity and importance.

Data classification is a way to organize and protect your organization’s information based on how sensitive or important it is.

By doing this, organizations make sure that sensitive data is kept safe and only accessible to those who need it.

Data Classification helps:

• Prevent unauthorized access
• Ensure data protection policy
• Compliance with regulations

By classifying our data, we can manage it better, reduce risks, and create a culture of security awareness within our organization.

MOVEit Zero Day attack

One of the more popular tools used for file sharing and file transfer services is called MOVEit. MOVEit encrypts your data and uses file transfer protocols to send it safely from one user to another. Recently, hackers attacked MOVEit. Using a technique known as SQL injection, they were able to access and copy the data of MOVEit users.

When the breach was discovered, MOVEit owners issued a patch. But it was too late. The hackers had already exploited the vulnerability for more than a month, and the damage had been done.

Takeaways:

• When breaches are discovered, software needs to be patched. Keeping your device, software and apps up to date will help keep you from being a target in a breach.
• Only use file storage, transfer, sharing, and encryption tools that have been approved for use by your organization.