 |
Fresh off the presses!Take a moment to read up on the latest exciting news from McLellan Group, and hear what some of our talented team have to say on whatever topic may strike their fancy. We invite you to share in our successes, and find out what inspires us. |
|
 |
FTP SecurityOctober 29, 2008Digital communication between a corporation and its agencies is essential for sharing strategy, concepts, timelines, proofs and even final work. Recently, concerns have been raised by a number of corporations about just how secure some "secure" sites really are. We’ve all heard reports about companies whose former employees and associates have accessed file repositories full of sensitive information, long after they have left their respective organizations. A common reason for this happening is the practice of many agencies to use FTP (File Transfer Protocol) systems to share large files between themselves, their clients and suppliers. FTP is a granddaddy of a protocol that was created in 1985 and it isn’t a particularly secure protocol. While there have been enhancements made to make it more secure from hackers and eavesdroppers, it is still a password-based system. Whenever you allow access to content via the public internet that is protected only by a user name and password, no matter what system or protocol you’re using, the biggest security risk is that “valid” user names and passwords will be used to access your information. FTP servers tend to be managed in “the back room” by an IT-focused team. The project management and creative professionals who are posting files, typically have no idea what accounts are active and the entire system relies on the appropriate people remembering to tell the FTP administrator to disable accounts when necessary. FTP servers also tend to be a free-for-all dumping ground for both in-progress and completed project files, haphazardly organized in subfolders. There have been many occasions where we have gone to access files on some of our client’s suppliers FTP servers and have inadvertently been given access to files belonging to other clients. At McLellan Group we avoid the use of FTP servers whenever possible, in favor of a browser-based solution. Since so many of our projects have video elements, we use a proprietary system under license. Our administration is done by a group of authorized users – there is no need for an account manager to ask an intermediary to delete or add an account. They can do it themselves. The users of our system are assigned individually when a new project is created. Users only have access to the projects they are working on. Should an originally authorized user at one of our clients leave or be terminated, but fall through the cracks and somehow not get deactivated, they would not have wholesale access to every other project or communication on the site. The only way to guard against these types of password based security breaches is plain old-fashioned common sense and attention to detail. We make sure that the deactivation of all computer accounts is a standard part of our HR procedure at the time of a staff departure. We recommend that our clients make a habit of informing all suppliers who have on-line accessible collaboration tools about the departure of any of their staff who may have access to such systems. |
|
![McLellan Group [Home]](../images/MG_logo.gif){kind=logo}
© 2008 mclellan multimedia group corp.