Every day, in order to perform their jobs, workers exchange files over the Internet through email attachments, file sharing services, and other means. Many of these files aren’t adequately protected against eavesdropping and manipulation by attackers. The sudden surge in people working from home has increased the need for Internet-based file exchanges, worsening the risks to security and privacy.

To help organizations reduce potential exposure of sensitive information, NIST has released a new Information Technology Laboratory (ITL) Bulletin on secure file exchanges. Key concepts in the bulletin include:

• Identifying users’ needs to exchange files;
• Providing solutions to address the identified file exchange needs that take both security and usability into consideration;
• Training users on the file exchange solutions;
• Using cryptography to protect the confidentiality and integrity of files and file exchanges; and
• Conducting monitoring to ensure file exchanges are being protected.

The bulletin discusses several possible solutions for secure file exchanges, as well as numerous examples of methods for detecting file exchanges that aren’t properly protected.

NIST has identified many resources for organizations and individuals that are now teleworking in a larger capacity than before. These are linked from the Telework Cybersecurity section on NIST’s Computer Security Resource Center (CSRC) homepage.