We all appreciate the convenience of link sharing. It's fast, easy, and secure. One of the benefits of ShareFile® is the ability to create links with different types of permissions. For example, you can create links that are visible to the public, no log-in needed. This kind of link sharing is great for information that any person inside or outside your company could read. There are some best practices we recommend you follow to make sure your data stays protected from cyber criminals. In this blog, we'll talk about why these best practices exist and how you can roll them out across your team.
What is anonymous sharing?
In our hyper-connected world, ShareFile has made it easy to share files with just a few clicks. When you generate a document link in ShareFile, there are two options that allow anonymous viewing: Anyone-Public: enables anyone with the link to view the content without providing information, and Anyone-Public enter name and email: enables the viewer to enter a name and email into a text field without logging in to view the content. These are great options for non-sensitive information.
Be aware of potential data exposure
You can’t deny the convenience of sharing documents that do not require a log-in to view. However, customers must understand the significant risks that come with sharing documents via public links.
· Data Exposure: When you share documents via public links, they are, as the name suggests, accessible to anyone with the link, not just the intended audience. This can lead to unintentional data exposure, where sensitive information ends up in the wrong hands. Whether it's personal details, financial records, or confidential business documents, the consequences of exposure can be significant.
· Unintentional Sharing: Public links are easy to distribute, which can lead to accidental sharing. You may inadvertently share with someone a link that was meant for a different recipient, potentially exposing personal or confidential information.
· Data Scraping: Search engines often index public links, making them a target for web scraping tools. Malicious actors can use these tools to scour the web for public documents containing sensitive information they can use for various purposes, including identity theft and fraud.
· Lack of Control: When you share a document via a public link, you relinquish control over who accesses it. There's no easy way to limit access or track who has viewed your document. This can pose a significant security risk, especially when dealing with proprietary business information or personal files. · Access to Bad Actors: While ShareFile provides best-in-class security, public links can still be vulnerable to bad actors who discover and access those links and exploit the fact that they can require no user verification. Cybercriminals may exploit the link's security weaknesses, gaining unauthorized access to your documents.
6 tips to securely share public links
While the threat is alarming, the solution is simple. To mitigate the risks of sharing documents via public links, consider the following steps:
1. Require log-in: Select the option to require log-in to view content. You can do this in the drop down for “Who can access this link”. Within this section, select either "Employee users (after signing in)" or "Client and Employee users (after signing in)" to share files more securely.
2. Set shorter link expiration dates: Consider how long the link to the content should be live. You can set a custom duration for the link expiration date. Regularly audit and review your shared links to ensure they are still necessary.
3. Encrypt email content: For an additional step, encrypt the body of the email, in addition to the attached files. Use our encrypted email option to send documents to specific people in a more secure way.
4. Use security alerts and take action: ShareFile offers straightforward security that you don't need a robust IT team to manage. Employee users, administrators, and clients will receive email alerts when there is unusual activity on their folder. They can receive alerts via email, in real time, for unusual activities such as:
· Malware upload
· Suspicious location access
· Unknown device access
· Unusual authentication failures (shown below)
We're working hard to add extra security layers to make security even more robust without assigning additional work to you or your teams. Stay tuned for deeper insight into threat context and history with the ability to mitigate threats in real time.
5. Utilize a dedicated project space: Within ShareFile, create a project to help clients understand what documents to submit, sign, or share. Clients can leave comments, receive alerts, and get things done. Having a dedicated place to collaborate reduces the need for shared links as the approved users have access to their specific file folders. Documents, files, and messages are encrypted — and only authorized users are able to access.
6. Share knowledge: Educate yourself and your team about the potential risks associated with public document sharing. Share this blog post to help educate your team.
By exercising caution and employing security measures, you can enjoy the benefits of document sharing without exposing yourself or your organization to undue risk.
Latest updates to secure sharing
We are taking steps to improve the security posture of file sharing. All new share links will default to use secure sharing options which will apply across all ShareFile locations: ShareFile desktop app for Mac and Windows, ShareFile Web app, ShareFile Mobile app, ShareFile plug-in for Microsoft Outlook and Gmail.
- The ‘sign in required’ option will be selected by default for all shares
- A new alert when you are about to share a link that can be viewed by anyone
- Admins can require authentication for all share or request links for the account
For more information, see our learn more page for New secure sharing options.