
External File Transfers – Do they need to be Risky Business?


We all know that 2020 has been the year where everyone, every business and every institution had to adapt. It started with remote working, which led to a radical change in where we store our data and how we access it, often synonymous with using Cloud services. The healthcare industry (perhaps more than other sectors) was rushed into this new approach, being forced into remote consultations and appointments. Although we have seen a significant rise in cyber security breaches in healthcare organisations in recent years, such as the WannaCry virus software that infected the NHS in 2017, the extensive integration of technology and remote working into the healthcare system has left it even more vulnerable to attacks like this.

Paradoxically, the speed of these changes means that IT administrators are aware of the security risks. Helped by some recent cases (over 1.5m records were breached across 39 healthcare data breaches in February 2020 alone, according to recent research by the HIPAA Journal), best practices have made their way into the minds of IT staff: the importance of protecting their cloud data, regularly testing backups and, more broadly, having a solid disaster recovery plan in place.

However, this has led to seemingly benign and unsophisticated functions going under-scrutinised: namely, the sharing of data. In a sector increasingly intertwined with industry, with research laboratories locked into a global competition, healthcare organisations need to match the standards expected in the Corporate and Defence sector. Beyond the need to protect valuable research data, these organisations deal with vast amounts of highly sensitive and confidential patient data, need to abide by global standards such as GDPR, and must ensure that data is shared in a controlled manner. As the pandemic spurred on remote working and prevented non-essential contact, the collaborative working system across our healthcare system, which allows for referrals and for multiple wards and units working together, relied more heavily on sharing patient data digitally. With this, the amount of data being shared increased vastly, making it more difficult to track and control what is being shared and when.

This is where it becomes essential to move these organisations to a modern file transfer solution, which combines more convenience with added security for all parties involved.

So, what should an IT administrator be looking for in a modern and solid file transfer solution in 2022?

Encryption: this is an absolute must-have, preferably with a military-grade encryption level, typically AES-256, to ensure files cannot be read if the storage is ever breached. A robust solution does not leave weaknesses in the overall design: the strongest possible encryption is a waste of time if the user chooses an easily guessable encryption key. Modern solutions, such as Synology’s C2 Transfer, add extra security layers by calculating encryption based on the email of the sender, which adds further complexity.

Identity check: when sharing confidential files, there is always a risk that the link is intercepted, for example by being sent to the wrong email address. It is therefore essential that the solution “checks” that the person looking to access the link is authorised. To ensure this vital check does not come at the expense of the user experience, a unique One-Time-Password can ensure research files do not end up in the wrong hands.

Controlling who shares what: the minute we give staff the possibility to share data, we should expect that the wrong data will be shared with the wrong person. It is therefore essential that users can restrict file access. Ensure the file transfer solution lets users control the number of downloads allowed; ideally, a simple “download only once” option will mean that after the intended person accesses the data, the link will expire. If an entire team of researchers needs to access the data, then it is vital that users can set expiry dates after which the link is inactive.

As essential as these features are, IT administrators cannot solely rely on the goodwill of users. This is where policies become useful, as they allow you to enforce that “whoever shares a file must set a number of downloads” or alternatively, “must set an expiry date”. Whatever the size of the organisation, you will want to set boundaries for more junior users and give more flexibility to senior members such as professors. It is therefore good to check whether the solution includes groups and policies.
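The policy rules described above can be checked on the server both when a link is created and each time it is used. The following is an added example, not code from the article or from any Synology product; the group names, limits and the `Policy` and `ShareLink` shapes are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Policy:  # hypothetical policy shape, not any product's schema
    require_limit: bool
    require_expiry: bool
    max_downloads: int
    max_lifetime: timedelta

# Constructed groups: tight bounds for junior staff, more room for senior staff.
POLICIES = {
    "junior": Policy(True, True, 1, timedelta(days=1)),
    "senior": Policy(False, True, 20, timedelta(days=14)),
}

@dataclass
class ShareLink:
    owner_group: str
    created: datetime
    max_downloads: Optional[int] = None
    expires: Optional[datetime] = None
    downloads: int = 0

def policy_violations(link: ShareLink) -> list:
    """Reasons the link breaks its owner's group policy (empty list = compliant)."""
    policy = POLICIES.get(link.owner_group)
    if policy is None:
        return ["unknown group, sharing denied by default"]
    problems = []
    if link.max_downloads is None:
        if policy.require_limit:
            problems.append("download limit not set")
    elif not 1 <= link.max_downloads <= policy.max_downloads:
        problems.append("download limit outside policy")
    if link.expires is None:
        if policy.require_expiry:
            problems.append("expiry date not set")
    elif not link.created < link.expires <= link.created + policy.max_lifetime:
        problems.append("expiry outside policy")
    return problems

def redeem(link: ShareLink, now: datetime) -> bool:
    """Serve one download only if the link is compliant, unexpired and under its limit."""
    expired = link.expires is not None and now >= link.expires
    used_up = link.max_downloads is not None and link.downloads >= link.max_downloads
    if policy_violations(link) or expired or used_up:
        return False
    link.downloads += 1
    return True
```

Re-checking the policy inside `redeem` means a link created before a policy was tightened stops working as soon as the stricter rule applies.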

Solid infrastructure & fast transfers: whilst this may sound more like a purely sales feature, it is vital that staff adopt your file transfer solution. Beyond a well-designed interface, the speed of upload and the time for the receiving party to download and access files are absolutely critical to that adoption. The risk of going for a cheaper provider, who may have limited servers throughout the world and therefore slower speeds, is that users will revert to file transfer apps they may use personally. These are not integrated into the university’s infrastructure, and you have no control or visibility over them, leaving them potentially open to being hacked and your data being leaked.

This brings us to a last important consideration: a modern file transfer solution needs to integrate with the rest of the healthcare system’s set-up. Convenience is a direct benefit but, more prosaically, tying the file transfer platform into the same account system will mean a lower risk of breach.

So, to all IT administrators in the healthcare industry: in this fast-evolving environment, it is imperative to anticipate the coming challenges and ensure that you can not only recover swiftly from a security breach but avoid the breach altogether, by ensuring users are interacting and sharing data on a modern and secure file transfer platform.

By Nicole Lin, Managing Director of Synology UK
