The Meridian Blog: Tech News, Tips & More for SMB and Enterprise Environments

Unsecured File Sharing is Risky Business

Erjon Xhepa

Posted by Erjon Xhepa
Mon, Jan 09, 2017

File sync-and-share apps have become increasingly popular with enterprises, both small and large.

File_SharingIn some organizations, the ability to share and edit electronic documents is essential to their operations. Used properly, file sharing can enhance productivity, creativity, and collaboration. Used improperly, it can cause data security nightmares.

Hackers and other cyber crooks are always looking for the weak spot in any network security system. They're constantly probing and testing firewalls and antivirus software, or going on “phishing” expeditions looking for victims. But, sometimes, they get lucky and an unsecured document or email just drops into their laps.

RELATED: Is Antivirus Software Really Dead?

A mistake in peer-to-peer (P2P) file sharing can result in anything from a slight inconvenience to a major security breach. As a member of Meridian’s VCIO Team, I consider secure file sharing to be a top priority. In this post, I'll explain why it should be one of your top priorities, too.

Read on to learn more about:

  1. Key points that should be included in your policy for secure file sharing
  2. Risks associated with unsecured file sharing
  3. Advantages of secure file sharing practices
  4. Guidelines to help determine who should be responsible for preventing unsecured file sharing in your organization

What’s your policy for secure file sharing?

Here are some key file sharing policy points your IT department, and/or your managed services provider (MSP), should have in place regarding document and file sharing security:

  1. A clearly stated organizational policy and procedural rules for the adoption and use of all file sharing methods, including cloud-based and file sync-and-share applications.
  2. Clear transparency and visibility by IT into all file sharing apps used by employees to share or transfer any work-related data.
  3. Full IT ability to manage and control access to, and the sharing of, sensitive enterprise documents.
  4. Have regular training and awareness sessions to educate employees, mangers, and partners or contractors on the risks of data loss or theft when engaging in file sharing or collaboration.
  5. Depending on your industry, stress compliance with the appropriate regulations.
  6. Conduct regular audits and assessments of your file and document sharing practices.

RELATED: Free Workbook Download: Is Document Management Software right for you?

What's the risk?

unsecured-file-sharing-is-risky-business.pngFirst of all, you should assume that some amount of unmanaged and unauthorized unsecured file sharing is happening. Employees may send unencrypted emails, fail to delete confidential documents or files, or accidentally forward files to unauthorized recipients. They may try to use their own personally-selected file-sharing or sync-and-share apps at work, regardless of whether or not those apps have been vetted and approved by IT.

With the above stated policies in place, the IT department has a much better chance at damage control and at identifying data security vulnerabilities.

If the ultimate control and responsibility for secure file sharing and collaboration lies with your IT security experts, your organization will have a greater ability to:

  1. Deploy identity and access management (IAM) tools to manage and control user access to sensitive files and how they are shared.
  2. Prevent employees from installing unapproved programs and applications on enterprise devices, and remove them if necessary.
  3. Block traffic associated with unapproved P2P file sharing applications at the network perimeter or firewall.

RELATED: Does Your Firewall Policy Extinguish Network Threats?

Who's responsible for preventing unsecured file sharing?

Preventing unsecured file sharing is an enterprise-wide task, and as an IT professional, I take the responsibility personally. I accept it as a fact of modern business life that human beings will make mistakes, or software and hardware will become outdated. Enterprise circumstances change, therefore effective data security must be dynamic — requiring constant monitoring, updating and patching.

You may also like: 5 Key Principles for Data Security

It also involves a lot of awareness, education, and training. Keeping sensitive information secure may be every employee’s responsibility, but it is up to the IT department to keep them informed about the risks involved. Employees need to know how to keep sensitive information out of shared drives and folders and how to limit what other P2P users may see. The U.S. Federal Trade Commission has some useful information on file sharing here.

RELATED: Your Biggest Threat to BYOD Security Could Be Your Employees

According to a recent Ponemon Institute independent survey, less than half (46 percent) of the organizations surveyed said that either their chief information officer (CIO) or chief information and security officer (CISO) had the “ultimate responsibility for securing document collaboration and file sharing activities.” Personally, I strive to be in that category.

In order to prevent risky file sharing practices have a managed services provider (MSP) evaluate your current situation. A proactive MSP will patch and monitor any potential threats and vulnerabilities to keep your files safe and will also create a policy to ensure secure file sharing.

Ready to get started? A thorough assessment of your technology environment and business processes can improve system reliability, streamline business processes, and improve focus on core competencies. Click here to request an assessment.  

Erjon Xhepa

Ready to Become a Pro?

 Our White Paper can help.

whitepaper-4-key-elements-for-building-your-technology-road-map-thumbnail-3Subscribe to our blog and get your copy of "4 Key Elements to Consider When Building Your Technology Road Map"

You'll learn:

  • What role people play in determining your road map
  • How to build a plan in a multi-device world
  • What types of applications need to be considered
  • How data plays a key role in success

 

Subscribe to get your copy

Leave A Comment

About this blog

News, best practices and more to help you get the most out of your office technology. Whether you're an SMB owner who wears a lot of hats, or an enterprise IT director, facilities manager or just someone who wants to work smarter — this blog has the resources you need to maximize the business impact of all your tech investments. Be sure to subscribe to receive email updates about new posts!

Download our eBook

 
DM_Workbook_Cover_Page.jpg

Download