Securing your Globalscape Solution


To all Globalscape Customers,

With the increased frequency and sophistication of attacks in the MFT industry, we are monitoring our systems closely and taking actions to further harden our security posture. We have been made aware of an unspecified threat against the MFT Industry. We have no reasonable evidence to believe that we are the specific target of the threat, however, we are being proactive out of an abundance of caution.

We're asking for your involvement to further strengthen the security posture of your Globalscape systems. This message serves as a reminder to review and, if necessary, adjust your security settings on your Globalscape solution, ensuring they align with best practices, including any laws, regulations, and/or other security requirements applicable to your organization.

As per our helpful security best practices article, we recommend the following actions:

  1. Create a specific AD account on which EFT’s service is to run with the minimum necessary permissions.
  2. Do not use the default administration port (1100).
  3. Enable and define a complex security scheme for administrator passwords to include a minimum password length of 12 to 16 characters, and prohibit the use of the previous 99 passwords.
  4. Enable strong account lockout policies.
  5. Create sub-administrator accounts with the least amount of privileges necessary for help desk or operational administrators.
  6. Do not give sub-administrators access to COM or the ARM (report) module unless necessary.
  7. Keep your software up to date to maintain a secure environment. Regular updates ensure that you have the latest security patches and performance improvements.
  8. Frequently monitor who has access to your Globalscape platform. If there are users who no longer require access, consider revoking it to minimize potential vulnerabilities.
  9. Disable/remove event rules that are no longer in use.
  10. Enable MFA where available.
  11. Rotate account credentials/authentication keys in EFT event rules and workflows.
  12. Only use encrypted protocols.

With Fortra's Globalscape's comprehensive visibility features, regularly review your file transfer logs. If you spot any unusual activity, please alert us immediately. We understand that maintaining the highest levels of security and compliance can be complex. Our customer support team is here to assist you at every step of the way. If you require any help or have questions about optimizing your security settings, do not hesitate to reach out to us using the support portal.

We appreciate your attention to this critical aspect of our shared digital ecosystem. Together, we can continue to ensure the secure, reliable transfer of sensitive data. Thank you for your support and your continued trust in Fortra's Globalscape.