Filter by Category

FTP May Be Free and Easy to Use, But That's the Problem

It happens in your office every day: someone on your team hits a roadblock when they realize that email just won't handle the huge file they need to send immediately. Another coworker starts to send an account number or password via email and realizes that, perhaps, an email isn't all that secure. FTP alternative, managed file transfer

That's when the tech savvy gal in the corner suggests the obvious solution: just send that file or sensitive personal information via FTP!  She lists a variety of "free" tools that can be downloaded easily, as well as a couple cloud solutions, and in desperation (and often ignorance), your coworker takes her advice and a new FTPer is born.

FTP, or "file transfer protocol," is a solution that's been available for more than 30 years. Within the last decade, so many free or inexpensive FTP tools have become available that many of us assume that FTP must be a reliable solution, or why would so many people be using it?

As we know with many of society's ills, just because something is easy to find and popular to use doesn't mean it's a smart or effective idea.

The Downside of FTP

While FTP may be able to send large files, standard FTP -- like email -- is not secure, and is therefore vulnerable to hackers.

Rogue FTP tools, like those free tools sprinkled on employees' PCs, start to become a liability to the company, both financially and to its reputation and credibility.

To begin with, multiple employees with multiple FTP tools mean that no one has a master view of the flow of data in and out of your company. It's impossible to know who is sending what to whom, and who is receiving files from where.

State and Federal laws require that data which contains personally identifiable information must be encrypted and secured. This also applies to most of the financial data that we collect and create. How can you keep tabs on all of this with a lot of FTP processes running on various PCs throughout the office?

Second, because FTP is not secure, the company increases its risk for a data breach. Costs to notify those affected when a data breach occurs, combined with the fines that can be assessed, can be in the millions of dollars, not to mention the damage to the company's brand.

If Not FTP, Then What?

One approach to control FTP traffic is to set up restrictions on the corporate firewall, essentially prohibiting access for all but specifically authorized personnel to the ports required for FTP processes to work.

Chances are, though, that the same tech savvy employee who suggested FTP in the first place also knows how to bypass this restriction by finding different ports or switching to online FTP services. For determined FTPers, even our cell phones are equipped to send and receive files.

So, if it's hard to stop it, the next best option is to educate your employees and promote clear expectations and consequences regarding sending files and sensitive data from work. Many employees want to do the right thing but don't understand the implications of sending sensitive data through the easiest - though not necessarily the safest - means.

Another option that's rapidly growing in popularity is the implementation of a secure file transfer solution that can be configured to allow users to send and receive large files and sensitive information within their daily workflow, but with the addition of administrative control and much greater security.

In combination with setting up appropriate firewall rules and educating all employees of corporate policy and procedures, a managed file transfer solution like GoAnywhere MFT will keep your employees - tech savvy or not - productive and happy, and give your IT department peace of mind knowing that the company data is secure.

Learn about the benefits and features of our secure FTP software.

 

Comments (4)

  1. Daniel Cheney:
    Jul 17, 2012 at 04:15 PM

    Jayce, I totally see your point. What we do over and over becomes seemingly easy to do. The first time for me was a long time ago and it was a bear. I agree that the "simple" FTP servers are usually the free ones and yes, some of them are difficult to get working. The ones that are not free are easier to setup to the point of simple point and click installs. The "pay for" software vendors have put extra effort into making the software intuitive and easy but want money to make it worth their extra effort. I think that's fair. If you're serious about setting up an FTP server, it is well worth the money because it saves you setup time and lots of admin time down the road. Best of luck.

  2. Jayce:
    Jul 13, 2012 at 10:56 AM

    Whoever said FTP is lying. Like most things, once you nkow how to do something, it's always easy. What's hard to remember is your first experience with FTP. I bet it was a nightmare.
    I've taken schooling (allowing me take the CompTIA, CCENT and almost CCNA) and received honours marks. I'm fairly bright and compitent and yet 3 days later trying to set up a very simple FTP server for me and my friends (even in active mode with no firewalls, the least secure thing out there) and I can't get it work.

  3. Jon:
    Apr 25, 2012 at 07:49 AM

    Dreadful article. FTP Must Die is far more technically interesting, accurate and detailed: http://mywiki.wooledge.org/FtpMustDie. Your solution to FTP being in the clear is "managed FTP"? Fail.

    1. Daniel Cheney:
      May 10, 2012 at 12:00 PM

      Yes. FTP is, as you say, outdated for the 21st century. Thus we have to wrap more robust solutions such as Managed FTP around this inadequate tool that was designed before the internet became the de-facto standard for digital communications. Fail you say? What alternatives would you suggest?

Add a Comment

Allowed tags: <b><i><br>

Latest Posts


Recent 2018 Data Breaches in Healthcare (and How to Avoid Them)

November 14, 2018

Phishing attacks, malware, and employee errors. These are three of the most recent causes for healthcare data breaches in 2018, with more certainly to come. The year isn’t over yet. For anyone…


Which is Better: SFTP vs. MFT?

November 6, 2018

SFTP, or MFT: that is the question. Even though we’re not all famous poets like William Shakespeare, many IT professionals will ask this question at some point or another. Should they use an…


What You Need to Know about the California Consumer Privacy Act (CCPA)

October 30, 2018

Businesses be aware: if you’re located in California or work with customers from California, a new privacy act similar to the GDPR is coming for you. This gives you just 14 months to analyze…


The Best Cybersecurity Strategies for Banks and Financial Organizations

October 18, 2018

Banks and financial institutions, take note: though the year is almost over, no one is safe from a data breach. Industries across the board have seen 4.5 million records stolen so far in 2018—a…


What is Managed File Transfer (MFT)?

October 10, 2018

As companies recognize a need for a solution that meets their file transfer, automation, and encryption needs, the question often arises: what is managed file transfer and how is it different from my…