Information Security Tips Series
Online File Sharing Security (2)
In the last issue of OffBeat, we pointed out that Force members should be careful in sharing their own files or data with friends. In this issue, we talk about what they should do when sharing corporate data or files within their organisations or offices.
Apart from the traditional method like floppy disks and CD/DVD, Force members may use official USB thumb drives to exchange and share files. The files inside the thumb drives will be automatically encrypted and will be automatically deleted if an incorrect password is input for a limited number of times. So the risk of data leakage will be greatly reduced even if the thumb drive is lost. However, as the thumb drive cannot be passed to other persons, the drive holder should be present in order to share the files.
Depending on the sensitivity and classification of data, floppy disks or CD/DVD may be considered for file sharing. Force members should encrypt the sensitive files and personal data before storing them in these media. The encryption password or key should not be marked or stored together with the media. Besides, these media should also be passed to other peers in person or with other reliable methods to minimise the risk of data leakage if the media are lost.
Internal email system can also be used to exchange and share files among peers within an organisation. Force members should pay attention to the recipient list before sending emails. Sending sensitive files to wrong recipients could cause unpredictable or adverse results.
One doesn't need to be a computer genius to protect the corporate data from being leaked. What one really needs is a little common sense.
* Don't write down the password or store it with the encrypted files or media;
* Don't store any corporate data, temporarily or not, in any privately owned computer or equipment without approval; and
* Don't pass or store corporate data or files, temporarily or not, to other unauthorised parties or channels like online storage providers, peer-to-peer network or email providers.
The word "Temporary Sharing" could mean "Permanent Sharing" in the Internet era, especially when the data are transferred or stored in somewhere you don't know or you cannot touch. So one should not try to share corporate files or data in any unauthorised way for the sake of convenience.
