We’ve all been there; you must share a file with your colleague, but you’re met with the dreaded error message: “file too large”. In such situations, you might turn to WeTransfer. But is this really the best option for sharing files?
At Netitude, we understand this issue all too well. Fortunately, our Cybersecurity expert, Shimon Sorga, has provided some insight into the security practices of WeTransfer, a widely used file-sharing service with over 80 million active users. Plus, Micheal Hamer (Virtual IT Director) provides his recommendation for external and internal file-sharing.
Before diving into the nitty-gritty of WeTransfer’s security practices, let’s briefly explain how the service works.
WeTransfer is a file-sharing service that provides the simplest method of sending large files seamlessly across the globe. In fourteen years, it has expanded its services to include productivity and collaboration tools like WePresent and Paper.
WeTransfer provides encryption for files during transfer and storage on their servers. However, it's important to note that they don't provide end-to-end user encryption. This means that files can become vulnerable to unauthorised access when accessed or downloaded through a link, as they become unencrypted.
The existence of this loophole represents a significant security threat. It undermines the effectiveness of WeTransfer's other security measures, including their two-factor authentication (2FA) and the password protection feature available for subscribers of WeTransfer Pro and WeTransfer Premium.
To address this concern, WeTransfer claims to collaborate with two independent security companies and employs ethical "white-hat" hackers to search for vulnerabilities in their services. Additionally, the platform has partnered with Microsoft to enhance its monitoring system for malicious content.
WeTransfer's free version is not entirely secure as the company only encrypts files and user data during transmission and storage without offering an option to secure the files with a password. This increases the risk of information leakage since the download links can be accessed easily by unauthorised parties in the event of a sender's error or service malfunction, as previously mentioned.
As a result, the sender has little control over who has access to the uploaded files. Therefore, avoiding sharing sensitive files through third-party service providers is best.
WeTransfer, like other online services, can be vulnerable to data breaches. In 2019, it accidentally transferred files to the wrong recipients for two days. This is a good example of how involving a third party in file transfers can create additional security concerns.
If you are a fan of WeTransfer’s user-friendly interface, it is important to note that it’s just as easy for a hacker to use. Hackers often use WeTransfer to create malicious URLs or files containing malware and send them to unsuspecting internet users through anonymous emails. The best action is to avoid clicking on suspicious-looking links or downloading files you were not expecting to receive.
WeTransfer is a high-risk, low-reward service. Therefore, we don't recommend it to our clients. Instead, we suggest using a more secure file transfer service like Microsoft SharePoint.
SharePoint allows you and your team to manage data better, easily and securely transfer files, and collaborate more effectively.
Virtual IT Director Michael Hamer states, "When you share from SharePoint, your data stays completely under company control. Your IT team will have worked with your compliance and legal team to set up policies that help you to follow best practices and avoid sharing mistakes which could expose sensitive data more widely than expected".
Some benefits of SharePoint include secure cloud storage, real-time co-authoring, customisable permissions, and powerful search capabilities, all integrated with Microsoft 365 tools for increased productivity and effective version control.