If you cannot safely send documents to clients, your business might suffer fines and negative publicity. For example, as of January 2020, European regulators have imposed $126 million in fines on organizations for failing to meet General Data Protection Regulation (GDPR) requirements. In the U.S., Facebook has agreed to pay $5 billion for “privacy violations and its failure to inform tens of millions of users about a data leak that happened years ago.”
There’s no question that data security matters. The real question lies in deciding which information to protect and how to protect that information. Before introducing various tools in the market, let’s start with risk assessment.
Three principles to guide your approach to data security.
Think about all of the information you use every day in your business. You might send emails between colleagues to discuss a customer service problem. The sales team might create proposals with price quotes for a prospect. Finance systems may contain personal data so employees and vendors can be paid. You might also have company data in a cloud service.
To avoid becoming overwhelmed with potential data security challenges, focus and prioritization matter. According to McKinsey & Company, a global consulting firm, “in an increasingly digitized world, protecting everything equally is not an option.” Consider using the following guidelines from McKinsey to determine what you should protect.
Start with the business and its value chain. This principle means thinking through how your business generates revenue and how that process might be disrupted. For example, think through everything that happens when a customer buys something from your company (e.g., what systems and applications are involved).
Take the attacker’s point of view. Put yourself in the shoes of a hacker for a few minutes. What information would be valuable to them to steal? For example, personal information might be used to commit identity fraud.
Go deeper on high-risk areas. Some applications and data warrant additional protection. For example, a customer database that contains personal information like names, addresses, phone numbers, and credit card numbers needs more protection than a list of office supplies.
The above tips are not intended to be comprehensive. Instead, they are an initial list of ideas to inform your company’s approach to data security. At this point, you will have some idea of what information to protect.
Three technical security features to look for.
An understanding of high-level security principles gives you a starting point. However, there are specific capabilities to keep an eye out for in document and file-sharing tools.
Multi-factor authentication. Also known as two-factor authentication, this security feature means providing more than one piece of identifying information. For example, you might enter a password and then have to enter a special code sent to your phone. According to a Microsoft report published in September 2020, a majority of “Microsoft enterprise accounts that were compromised didn’t use multi-factor authentication.”
Encryption. The US government has released the Advanced Encryption Standard (AES) as a guideline for security, which allows for keys up to 256 bits. A larger key is more difficult for somebody to hack. 1Password, a password management app, adopted 256-bit keys in 2013 to enhance security as they scale up to serve more customers. Likewise, Zoom has also adopted 256-bit security.
Support for the principle of least privilege. According to Microsoft, using the principle of least privilege (i.e. “the practice of limiting access rights for users to the bare minimum permissions they need to perform their work”) can help to reduce certain risks like the installation of unwanted applications. Therefore, look for document-sharing tools that make it easy to control user accounts and privileges to put this principle into effect.
Safely send documents to clients: The top tools.
To develop this list of recommended tools, we consulted several industry publications, including WIRED, a technology magazine, and TechRadar, a technology news website.
1. Dropbox
Pricing: Varies depending on plan type. The entry-level Personal Plus plan costs $11.99 per month.
Size limits: Varies depending on the plan. The entry-level Personal Plus offers 2,000 GB of storage.
Notable data security features: Users can protect shared file links with passwords and expiration dates.
This cloud service is an attractive choice for a business that has to send large files to other people. To securely send a file using Dropbox, a user would first upload the document to Dropbox. Next, the user would apply the security protections they desire (e.g., password and expiration date). At that point, the business can add another user to a specific part of Dropbox.
2. WeTransfer
Pricing: The cloud service has two plans: a free plan and a pro plan ($12 per month).
Size limits: The WeTransfer free plan has no storage, is limited to sending and receiving files of up to 2 GB, allows you to email transfers to up to 10 recipients, and files automatically expire after seven days. The pro plan includes 1 TB of storage, the ability to send and receive files up to 20 GB and email transfers to up to 50 people.
Notable data security features: The pro plan includes password protection and the ability to customize when file transfers expire.
This cloud service is focused on sending files. Since email attachments typically have a size limit (e.g., 150 MB for Microsoft Exchange), WeTransfer may be a good choice for a business that needs to send large files to clients. To receive the best data security features, choose the pro plan. Also, you can customize your WeTransfer page, and use it as a client portal to send and receive files.
3. Signal
Pricing: Signal is free.
Size limits: Not stated on the Signal website.
Notable data security features: According to PCMag, Signal is “end-to-end encrypted by default.”
Unlike some of the other apps mentioned above, Signal is best seen as a messaging app rather than a file-sharing tool. That said, the app introduced file sharing for all files in 2017. Signal is an open-source tool, so it is possible to review the data security code in detail. Keep in mind that reviewers have described the app as having a “sparse interface.”
4. iCloud
Pricing: 5 GB of storage is offered to Apple users at no charge. Fees apply for additional storage: 50 GB of storage is $0.99 per month, 200 GB is $2.99 per month, and 2 TB is $9.99 per month.
Size limits: 5 GB of storage is offered to Apple users. The cloud service also offers 50 GB, 200 GB, and 2 TB of storage.
Notable data security features: iCloud is tightly integrated with Apple technology. The cloud service also offers two-factor authentication to reduce the chance of unauthorized access.
Offered by Apple, iCloud is a cloud service that began in 2011. The service includes secure file-sharing features such as the option to manage permission levels (e.g., view only vs. can make changes). iCloud may be a great choice for a business that mainly uses Apple products because it is designed to integrate with Apple products. That said, iCloud is also available for Windows computers.
5. Google Drive
Pricing: There is a free plan and paid plans, which start at 100 GB for $19.99 per year.
Size limits: You get 15 GB of data storage in the free plan. The paid plans start at 100 GB for $19.99 per year.
Notable data security features: Google Drive offers ransomware detection and two-step verification.
Launched in 2012, Google Drive is a secure file-sharing cloud service. PCMag points out that Google Drive stands out in terms of the amount of free storage it offers. The cloud service is accessible through a browser, as well as Windows, iOS and Android mobile apps.
Safely send documents to clients: Practice internally first.
Once you choose a tool for file sharing, it might be wise to test the tool internally first. For example, ask two employees to share files and test the security settings. Once employees are comfortable with secure file sending, you can introduce the secure file-sharing solution to your customers.
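The checks worth running in such an internal test (a wrong password, an expired link, a view-only recipient attempting a change) are shown here against a minimal model of a protected share link. This is an added example, not code from any of the tools above; the ShareLink class, its fields and the sample passphrase are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Optional, Tuple
import time

# Least privilege: each permission level grants only the actions it needs.
PERMISSIONS = {"view": {"read"}, "edit": {"read", "write"}}
ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this example)

@dataclass
class ShareLink:
    """Hypothetical model of a protected share link (not a vendor API)."""
    expires_at: float
    permission: str = "view"  # default to the lowest privilege
    salt: bytes = field(default_factory=lambda: os.urandom(16))
    pw_hash: bytes = b""

    def set_password(self, password: str) -> None:
        # Store only a salted, slow hash of the link password.
        self.pw_hash = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), self.salt, ITERATIONS)

    def authorize(self, password: str, action: str,
                  now: Optional[float] = None) -> Tuple[bool, str]:
        now = time.time() if now is None else now
        if now >= self.expires_at:
            return False, "expired"
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), self.salt, ITERATIONS)
        # A link with no password set is denied rather than left open.
        if not self.pw_hash or not hmac.compare_digest(candidate, self.pw_hash):
            return False, "bad password"
        if action not in PERMISSIONS.get(self.permission, set()):
            return False, "not permitted"
        return True, "ok"

def run_internal_checks() -> dict:
    t0 = 1_700_000_000.0                 # constructed timestamp
    pw = "constructed-example-passphrase"  # constructed sample value
    link = ShareLink(expires_at=t0 + 7 * 86400)  # seven-day expiry, view only
    link.set_password(pw)
    return {
        "valid_read": link.authorize(pw, "read", now=t0 + 60),
        "wrong_password": link.authorize("guess", "read", now=t0 + 60),
        "after_expiry": link.authorize(pw, "read", now=t0 + 8 * 86400),
        "view_only_write": link.authorize(pw, "write", now=t0 + 60),
    }
```

When testing a real tool, each of the three failing cases should be refused by the service itself, not merely hidden in the interface.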