File sync-and-share apps have become increasingly popular with enterprises, both small and large.
In some organizations, the ability to share and edit electronic documents is essential to their operations. Used properly, file sharing can enhance productivity, creativity, and collaboration. Used improperly, it can cause data security nightmares.
Hackers and other cyber crooks are always looking for the weak spot in any network security system. They're constantly probing and testing firewalls and antivirus software, or going on “phishing” expeditions looking for victims. But, sometimes, they get lucky and an unsecured document or email just drops into their laps.
A mistake in peer-to-peer (P2P) file sharing can result in anything from a slight inconvenience to a major security breach. As a member of Meridian’s VCIO Team, I consider secure file sharing to be a top priority. In this post, I'll explain why it should be one of your top priorities, too.
Read on to learn more about:
- Key points that should be included in your policy for secure file sharing
- Risks associated with unsecured file sharing
- Advantages of secure file sharing practices
- Guidelines to help determine who should be responsible for preventing unsecured file sharing in your organization
What’s your policy for secure file sharing?
Here are some key file sharing policy points your IT department, and/or your managed services provider (MSP), should have in place regarding document and file sharing security:
- A clearly stated organizational policy and procedural rules for the adoption and use of all file sharing methods, including cloud-based and file sync-and-share applications.
- Clear transparency and visibility by IT into all file sharing apps used by employees to share or transfer any work-related data.
- Full IT ability to manage and control access to, and the sharing of, sensitive enterprise documents.
- Have regular training and awareness sessions to educate employees, managers, and partners or contractors on the risks of data loss or theft when engaging in file sharing or collaboration.
- Depending on your industry, stress compliance with the appropriate regulations.
- Conduct regular audits and assessments of your file and document sharing practices.
What's the risk?
First of all, you should assume that some amount of unmanaged and unauthorized unsecured file sharing is happening. Employees may send unencrypted emails, fail to delete confidential documents or files, or accidentally forward files to unauthorized recipients. They may try to use their own personally-selected file-sharing or sync-and-share apps at work, regardless of whether or not those apps have been vetted and approved by IT.
With the policies stated above in place, the IT department has a much better chance at damage control and at identifying data security vulnerabilities.
If the ultimate control and responsibility for secure file sharing and collaboration lies with your IT security experts, your organization will have a greater ability to:
- Deploy identity and access management (IAM) tools to manage and control user access to sensitive files and how they are shared.
- Prevent employees from installing unapproved programs and applications on enterprise devices, and remove them if necessary.
- Block traffic associated with unapproved P2P file sharing applications at the network perimeter or firewall.
Who's responsible for preventing unsecured file sharing?
Preventing unsecured file sharing is an enterprise-wide task, and as an IT professional, I take the responsibility personally. I accept it as a fact of modern business life that human beings will make mistakes, or software and hardware will become outdated. Enterprise circumstances change; therefore, effective data security must be dynamic, requiring constant monitoring, updating and patching.
It also involves a lot of awareness, education, and training. Keeping sensitive information secure may be every employee’s responsibility, but it is up to the IT department to keep them informed about the risks involved. Employees need to know how to keep sensitive information out of shared drives and folders and how to limit what other P2P users may see. The U.S. Federal Trade Commission has some useful information on file sharing.
According to a recent Ponemon Institute independent survey, less than half (46 percent) of the organizations surveyed said that either their chief information officer (CIO) or chief information and security officer (CISO) had the “ultimate responsibility for securing document collaboration and file sharing activities.” Personally, I strive to be in that category.
To prevent risky file sharing practices, have a managed services provider (MSP) evaluate your current situation. A proactive MSP will patch and monitor any potential threats and vulnerabilities to keep your files safe and will also create a policy to ensure secure file sharing.