Configuring Files.com For Maximum Security
For the highest level of security on your Files.com site, follow the recommendations below.
To prevent accidental transfers of files on your account using insecure FTP, do not enable Plain/unencrypted FTP support.
Use the HTTPS, FTPS, and SFTP ciphers setting to disallow connections that use insecure ciphers.
Consider enabling security features like IP whitelisting, country restrictions, and strong password requirements on your Files.com account.
Set the retention period, using the "Keep deleted files for" setting, as low as possible to minimize the amount of your data we retain as backups. For maximum security, set this value to no higher than 30 days. Many of our customers enter lower values such as 7 days or even 0 days.
Implement and enforce the use of two-factor authentication (2FA) for all user accounts.
Implement and enforce the use of SSH/SFTP Keys for SFTP instead of using a password.
BAA and HIPAA
If you have signed a HIPAA BAA with us, the following restrictions are applied to your site in order to meet compliance:
Your site will not have the option to enable the use of insecure FTP.
Your site will not have the option to enable the use of insecure ciphers for data transfer.
Storing data in a specific geographic region, such as the USA, is not a legal requirement of HIPAA. However, if storing data in a specific geographic region is important to your organization, configure your site to use only those regions.