Small businesses have a difficult time finding file sharing solutions, because most solutions are built either for consumer use or large enterprise use. There are very few file sharing solutions that both meet the needs and budget of small businesses.
The divide between consumer use and large enterprise use is wide. On one end, convenience rules. On the other end, security is paramount toward decision making.
There are seven main reasons that small businesses struggle with file sharing:
- Lack of or limited IT resources.
- Lack of sufficient file sharing solutions fitting their needs on the market.
- Lack of detailed audit trails available in consumer grade tools.
- Stringent industry compliance requirements they must adhere to with regards to data protection.
- High likelihood of 100% remote teams where there is no centralized network or storage.
- A company culture that values convenience above security.
- Requirements for full protection for both data in motion and data at rest.
At Attila, we’ve witnessed these struggles within our existing customer base. As such, we've enhanced our GoSilent product line to implement a solution that fits their security needs, budgets and resource requirements.
GoSilent Share offers benefits that help reduce the problems with the seven issues cited above:
- Setup is quick and simple, rather than arduous and resource-intensive.
- Access to all data is completely limited to the employees that are using GoSilent Cubes.
- Management is easy and quick, with very few settings to tune to maintain security.
- You have access to a full audit trail of every change or view of the files in your share.
- You do not need a centralized corporate network to use GoSilent Share.
The long-winded version
Below you will find the more detailed, expository version of the content for those who like to read. Plus, the marketers made me write it...
Trying to find a secure file sharing service or solution that works for small businesses is a very difficult task.
We find that small businesses fall into three major categories when it comes to file sharing:
- Security at all costs: organizations that are so concerned with security that they flat-out refuse to do any file sharing because they haven’t found a satisfactory solution.
- Some security is better than none: security is important to these organizations, but only up to a point. When it starts to interfere too strongly with convenience, it will be dropped.
- Convenience at all costs: organizations that have allowed file sharing to run amok, because they want a quick and convenient solution, and therefore lack the appropriate security controls.
For those that fit into the first category we mentioned -- for those that are afraid to even attempt file sharing of any kind -- there are solutions that can make it possible. In your case, you most likely handle extremely sensitive information across a small, distributed team. You may not have a “centralized” network at all, and you likely use very manual methods (like encrypted emails) for file transfer and sharing of documentation when you absolutely have to and may not even have a VPN solution in place.
And for those sitting in the third category, you’ve probably completely avoided looking at the lack of security in your current file sharing practices, in the name of “convenience” or “productivity.” If you find yourself in this category, we urge you to look and truly determine if your secure file sharing practices are up to the standards you want them to be, or your industry requires them to be.
Concerns with secure file sharing for small business
1. IT resources
As a small organization, you likely don't have a sophisticated IT staff or maybe you have no IT staff at all. An enterprise-grade file sharing solution requires overhead, management, administration and plenty of auditing.
Hiring someone to deal with this may not be a viable solution, and you certainly don’t want to spend your valuable time on those tedious activities.
2. Available file sharing solutions
Quite frankly most file sharing software tools simply aren’t built to meet the needs of small businesses.
Small businesses find themselves sitting right in between two solution categories. There are consumer grade tools and enterprise level tools for secure file sharing, but nothing that provides both the necessary security and is built for smaller teams.
3. Audit trails
The level of detail available in the audit trails of most consumer grade tools is murky at best. You may know who the file was initially shared with, but if they then chose to share it with someone else, the audit trail will essentially go cold at that point.
In the end, you’ll have no idea with reliability who accessed, viewed or deleted files in your share. This is a huge problem for any business, but is an even bigger issue for those who find themselves in the next category, where compliance requirements are stringent.
4. Compliance requirements
Many industries have very strong cybersecurity requirements, almost all of which touch on file sharing in some form or another. This list is not exhaustive, but a sampling of the industries where we have seen very stringent requirements with regard to file sharing and have served clients in the past:
- DoD Contractors and Defense Industrial Base (DiB): Companies that touch sensitive data for the government, usually Controlled Unclassified Information (CUI) or higher, are subject to CMMC requirements, each level of which has increasingly stringent requirements on the security of documents.
- Financial Industry: Companies that handle financial data are subject to FINRA’s cybersecurity requirements which touch on the technology used to manage the transmission and sharing of data.
- Healthcare: Companies that handle health data are subject to HIPAA’s cybersecurity requirements.
- Payment Card Industry (PCI): Companies that handle credit card data are subject to PCI requirements for cybersecurity and protection of personal data.
- Lawyers or Legal Professionals: The protection of client data is especially important in the legal profession and often lawyers hold themselves accountable to NIST cybersecurity standards to protect that information.
Essentially, most industries require some level of cybersecurity protection, and those that don’t have their own specific set of standards generally default to NIST standards. Also, if your industry doesn’t have specific compliance requirements yet, you still most likely collect Personally Identifiable Information (PII) about clients that you are obligated to protect (and can be fined or penalized for allowing a breach).
5. 100% Remote
Many smaller businesses, particularly in today’s COVID-19 world, are 100% remote. As such, we’ve seen plenty that don’t even have a centralized network of their own and rely entirely on data stored on personal machines (or in file shares lacking in security).
If you find yourself in this position, you will want to weigh the pros and cons of building your own centralized network versus finding a secure cloud sharing service. In today's world of remote work, we've found that small companies that are 100% remote need secure file sharing more than they need a centralized network.
6. Company culture
Another very big roadblock to secure file sharing is the attitude or actions of your team. Much of what is required to keep your data secure rests in the hands of the employees who are accessing that data.
If your company doesn’t have a strong cybersecurity culture, where your company data is viewed with the utmost respect and confidentiality, no tool will ever be truly secure. The policies you have in place, and how well your team respects those policies will ultimately make a huge difference in the overall security of the solution you choose. As well, the service that you choose should make it easy to implement your policies and ensure adherence.
7. Data in motion and at rest protection
Depending upon which set of compliance requirements you find yourself subject to, the level of protection of your data when it is stored in the cloud and the security of the data transport (communications) should both be scrutinized.
You’ll want to find a solution that encrypts your data to your specified levels both while it is being accessed and while it is stored.
Most consumer-grade tools fail to meet one or both requirements in the most stringent of cases.
Read the Secure File Sharing Whitepaper
Your complete guide to secure file sharing for small contractors.
Secure file sharing CAN be simplified
All of this doesn’t mean there aren’t secure solutions available for small businesses. There may be many roadblocks to implementing a true file sharing solution, but there are platforms that can make them much smaller and easier to overcome.
Because we have seen all of these roadblocks time after time for our small business clients, we looked to create a solution that would help alleviate some of the troubles.
How it works
Each employee that needs access is issued a GoSilent Cube. Your secure file share is accessible only through a Cube. We are so stringent about this that even our own developers can only access the platform through a Cube.
Each time a file is accessed, shared, read or deleted a full audit trail is maintained. And, because only those with a hardware VPN Cube can access, there is no concern for sharing outside of the organization or with someone who is unauthorized.
Data at rest and in transit is encrypted using NSA-grade crypto suites.
This solution offers the following benefits for the roadblocks discussed above:
- Setup: Getting up and running becomes as simple as setting up groups and assigning access levels, and sending the hardware VPN Cubes out to your team.
- Access: Access is 100% limited to those to whom you’ve issued hardware VPN Cubes. You can assign group access that is even more stringent to allow certain users access to certain sections of your file sharing platform.
- Management: There aren’t a thousand things to configure. In fact the initial setup is a simple 3-step wizard. This means you don’t need a dedicated IT team or even technical staff to manage.
- Audit trail: You’ll immediately and automatically have full audit trails of every access, share, and deleting of shared files or folders.
No longer do you have to accept file sharing as a security hazard. If you’ve been avoiding implementing a file sharing solution in the name of security, you no longer need to. If you’ve been allowing convenience to overrule security in your file sharing practices, just to make your business run effectively, you no longer need to.
Secure file sharing solutions are available in the cloud that support enterprise use cases. If your company is large, then there are several robust vendor solutions to compare. However, if your company is small and lacks in the areas of IT and cybersecurity, then please take a deeper look at the GoSilent Share solution. We have tailored the solution toward small companies that have high security requirements.