Need a secure way to share files among employees in a small business.

[LMF5000]

We are a small company with less than 10 employees who work on generating artwork and documentation.

We need a secure solution for giving employees access to the latest version of the working files.

Currently we use google drive for this. Everyone just opens the docs from the drive and saves directly to it. It syncs the files on all our PCs within a few minutes so for the most part everyone always has the latest files on their hard drives

Is there anything better we could be using?

I've thought of setting up some sort of file server on one of the PCs, which the other PCs would access - but how could I go about setting it up, securing it, and managing permissions so that only some employees have access to some of the files?

By "securing" I mean protecting the data from being read by external hackers, and guarding it from fire, theft, ransomware and so on. We already do weekly backups on portable hard drives kept in remote locations, and they can easily be encrypted with VeraCrypt, but how would we encrypt the server in such a way that everyone can still access the files? Would we share a big encrypted file container and give every employee the password to mount it, or would it wreak havoc with VeraCrypt if multiple PCs are writing to the container at the same time?

We don't mind paying for software, if it exists, that can do this task in a quick and easy way.

 

[PliotronX]

I've tried TrueCrypt/Veracrypt with cloud sync and as long as the container is mounted on a system, the Google sync client will not upload changes until the container is dismounted. If that sounds okay, its not a bad way to go but sharing the password among multiple users can be a security risk and I would imagine that you are looking for something that can at least be read by multiple users simultaneously (otherwise productivity is zilch for anyone else). You mention external users, does this mean that you all typically spend time working within the same office network? I still like the idea of hosting shared data on site because the poor upload speed of most internet connections means slowness for saving changes. Though this means possibly hiring outside help for securely implementing on premise infrastructure and IDS to alert you or other designated users of potential problems in an automated fashion. You may look into business subscriptions with per user authentication, auditing, and BSA for HIPAA like DropBox for business or Sync.com. Spideroak is another good one for security though might be less user friendly. Sharepoint, either online or on prem might be even better because it has robust audit logging but is spendy.

 

[LMF5000]

For the truecrypt/veracrypt option I had in mind storing it on the hard disk of our fastest office machine and sharing the folder it is in using windows 10's homegroup sharing.

All our PCs run windows 10 Home. We only have ~10 desktops and laptops. Day-to-day access is between employees in the same physical building, with all PCs connected to one physical switch (either over ethernet cable or WiFi). However we sometimes share some data with external contractors - for that we use Google Drive (it sends an invite to their email).

I'm thinking of setting up a NAS, but I'm not entirely sure how to secure the data so somebody over the internet can't hack in and steal everything (considering this will be running 24/7). So some form of data encryption would be much appreciated.

 

[sourceninja]

What is the pain point of using google drive? If you have a G Apps account you can setup team drives and use Google Drive Stream to not need to cache all files on each machine. It's a very nice setup with permissions, security, and access controls. If you can explain your pain points I can probably assist in a few options.

 

[Thebobo]

What is the pain point of using google drive? If you have a G Apps account you can setup team drives and use Google Drive Stream to not need to cache all files on each machine. It's a very nice setup with permissions, security, and access controls. If you can explain your pain points I can probably assist in a few options.

My agency use Google Email and Drive and use groups for files and sharing it works great.

 

[LMF5000]

What is the pain point of using google drive? If you have a G Apps account you can setup team drives and use Google Drive Stream to not need to cache all files on each machine. It's a very nice setup with permissions, security, and access controls. If you can explain your pain points I can probably assist in a few options.

Good point. Our greatest concern is if the data gets compromised - i.e. google drive gets hacked and confidential information leaks out, or we get targeted by ransomware and all the files are encrypted and overwritten. To be fair google drive is serving us well, but we're asking to see if something else might serve our needs better.

 

[PliotronX]

What is the pain point of using google drive? If you have a G Apps account you can setup team drives and use Google Drive Stream to not need to cache all files on each machine. It's a very nice setup with permissions, security, and access controls. If you can explain your pain points I can probably assist in a few options.

TBH I've not played with G Suite but this makes sense from all angles! Familiarity with Drive will come into play for all users. I think G Suite has a trial to boot.

 

[LMF5000]

Sorry for not mentioning it earlier, but we do use G suite. However the admin is the company director so I'm not aware of the full functionality that the google drive admin page provides - my experience with it is only as one of the users.

So, another question. What's the best software for backing up? We use freefilesync with great success, the only thing it lacks is support for making incremental and differential backups so we can't have historical versions of files. In other words, if the files get encrypted by ransomware and we inadvertently back it up, we will have two useless copies of the same data.

Lastly, for setting up a mini in-house server (with special OS running in virtualbox), would you recommend RAID 1 implemented by the motherboard/BIOS, or RAID 1 implemented by a mirrored volume in the Windows (or possibly Linux) host OS?

 

[sourceninja]

So first, G Suite has versioning built in, so ransomeware isn't that big of a worry. That does not mean you don't need to make a backup however as it is possible someone could write a tool to delete those versions. There are a lot of good back solutions for gsuite. Here are a couple.
https://www.cloudberrylab.com/backup/gsuite.aspx
https://www.backupify.com/gsuite-backup

The first one backs up to s3, so you can use s3's versioning and encryption as well as the software's.

Personally I'd use google team drives with solid permissions (maybe prevent all deletes except by admins) and then use a backup tool for redundancy. If your pain point isn't access speed I see no reason to have a local server. You are not gaining anything but complexity that way.

 

[Skunk-Works]

Compress the files in a SFX archive with 7-Zip. SFX archives are self-extracting and can be encrypted with AES 256.

 

[LMF5000]

Thank you everyone for the replies. We've tested a couple of alternatives and following our internal analysis and the comments in this thread we have decided to stick to Google Drive/G-suite and continue to do regular backups (daily, weekly and off-site) using FreeFileSync. Thank you all for the input.