Globally, around 30,000 hackers break into websites daily, and in 2020, 64% of companies worldwide experienced at least one form of cyber attack. It’s no wonder you’re asking if FTP is secure. There are various file-sharing options to choose from–FTP, SFTP, FTPS, HTTPS, EFSS, and Collaborations System, among others; many companies default to using FTP (file transfer protocol), but is this decade’s old file-sharing option safe? We’ll review what FTP is, why it’s used, if it’s right for your business, and how to protect your business and its data from a breach.
What is FTP?
File Transfer Protocol (FTP) is a network protocol used to transfer files between computers over the web. Users granted access can receive and transfer files in the FTP server known as the FTP host/site.
FTP provides basic, unencrypted file transfer capabilities to connect users over the internet. Developed in 1971 and thoroughly used throughout the 90s, this file-sharing option is now an archetype of the past, replaced by SFTP and SSH.
The thing is, FTP wasn’t designed to be secure and has many security vulnerabilities like:
- Packet Sniffing. FTP is plain text which means it’s not encrypted. All transmissions, logins, passwords, and data are readable by anyone on the network.
- Brute Force Attacks. Because FTP isn’t encrypted, it’s highly susceptible to hackers systematically checking frequently used passwords until the correct password matches.
- Anonymous FTP Vulnerabilities. Anyone can access older or anonymous FTP servers without needing a username or password.
- Port stealing. Hackers can guess the next open port or use a PORT command to gain access as a go-between.
FTP doesn’t provide any safeguards preventing even the most inexperienced of hackers. Additionally, federally compliant organizations or networks can’t use FTP because of its lack of security. In fact, in 2017, the FBI issued a notice and warning about the potential for data breaches in the healthcare system for organizations using FTP.
How to Secure Your Data
Easy, don’t use FTP. Seriously. There are other protocols like SFTP, FTPS, and HTTP. SFTP (Secure File Transfer Protocol) is the refreshed, secure version of FTP.
Other ways to keep your data secure:
- Frequently update your protocols. Attacks over protocols occur when you slack on updating your system.
- Install an SSL (secure socket layer) certificate. SSLs encrypt the data on your website.
- Use 2FA (two-factor authentication). Minimize the chances of hackers breaching your server.
There’s definitely a time and a place for using FTP. An FTP server allows you to organize your files, provide access to other users to download these files remotely, and also set permissions for what users can and can’t do to your files. If you choose FTP, we recommend having your own private FTP server with a strong password. This way, you can transfer your files easily, but without security concerns.
Despite its security concerns, FTP remains available for file sharing but isn’t recommended for most uses. When using FTP, ensure you’re following every security protocol possible and consider using other alternatives like HTTPS or SFTP.