FTP is only acceptable when running an anonymous FTP server that distributes non-sensitive information. Many software companies, for example, use this mechanism to distribute patches and other updates.
Fortunately, there are ways to secure FTP, and there are also safer alternatives to the protocol. If FTP must serve as the data transport method, the easiest way to bolt on encryption is to connect to a VPN first, provided that the VPN endpoint device is logically close to the server that you're connecting to. By default, a VPN offers encrypted communications over the Internet. Typically, a company will only let employees or close affiliates connect to its VPN, so this might not be an option in all circumstances.
If you're in a position to suggest an alternative protocol, go with a secure FTP (SFTP) client. It not only uses the same command syntax as a standard FTP client, but also adds encryption to secure the connection. There are many free SFTP clients available; I prefer the free PSFTP client.
More recent responses from Mike Chapple:
Dig Deeper on VPN security
Related Q&A from Mike Chapple
Explore the differences between wired and wireless network security, and read up on best practices to ensure security with or without wires. Continue Reading
Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading