Enterprise file sharing creates a tremendous opportunity for the free-flowing exchange of ideas. As tools enabling enterprise file sharing proliferate, businesses are becoming more efficient and employees’ productivity is rising.
But with more people empowered to share files and data, the chances of data loss and leakage are inherently going to rise.
Any kind of data loss or leakage is a threat to an enterprise. Data leakage frequently happens by accident. For example, someone using a consumer-grade file sharing solution such as Dropbox uploads sensitive information onto a third-party server. Once this data in on a Dropbox server, it’s out of your control.
Poor enterprise file sharing policies and procedures could lead to a loss or leakage of intellectual property, violations of regulations or other privacy acts, breaches of confidential information, credit card data loss and more.
Consider these threats to enterprise file sharing today.
1) High-volume, easy access to file sharing tools: More users and devices create more opportunities for data loss or data leakage. Access to smartphones and email is ubiquitous in the workplace and at home. Therefore, people expect the ability to use technology they’re familiar with to exchange files and ideas.
Standard hardware and software makes it easy for employees to accidentally leak data. For example, Department of Defense (DOD) contractors have two sides to their business; one works with the DOD and another works in the public sector. There’s a line between these sides that’s not meant to be crossed. Someone working on a DOD job isn’t supposed to share that information with anyone on the public side. But there’s often a need for people on both sides of the line to communicate.
Imagine if sensitive information from the DOD is accidentally included at the bottom of an email chain. Or consider the security risks if employees inadvertently share sensitive data in Dropbox. A surgeon that takes photos of his work during an operation to share techniques with colleagues could violate patients’ HIPAA rights by uploading those files to Dropbox.
2) Mobility: End users are now accessing enterprise files in places without much security, such as open wireless networks at coffee shops, hotels and airports.
The number of unsecure channels that enterprise files flow through is rapidly proliferating, so you should take steps to ensure that your enterprise files are secure even when accessed on a public network.
Also, consider the increase in data loss or leakage from mobile devices that are lost or stolen. It’s easy to leave such devices behind at a restaurant or in a cab, and determined thieves are quite capable of pilfering from even the most cautious users.
Fortunately, episodes of device theft or loss aren’t too widespread. However, as more workplaces make mobile devices a part of their business, it’s important to have security protocols in place to keep your files safe.
3) Bring-your-own-device (BYOD): The days of company-issued laptops are dwindling. To cut operating expenses and grant user mobility, more companies are allowing employees to use their personal laptops, tablets and smartphones for work.
Employees like BYOD because they’re free to choose their own devices. Businesses enjoy not having to regularly spend significant money upgrading a fleet of company-owned laptops and mobile devices.
BYOD has its downsides, however. When you issue a company laptop, you’re always entitled to access the device and its contents. If an employee leaves the organization, they return the laptop. Now companies must deal with the intricacies of BYOD culture and keeping company data secure on employees’ personal devices. If someone uses their personal laptop for business matters and resigns, what happens to your data?
Hopefully you have a remote wiping program installed on their laptop. But sometime these programs do more harm than good. For instance, what if you trigger a remote wipe of a laptop or smartphone and personal information gets erased along with company files? You’re exposed to a lawsuit.
Data loss and leakage on personal mobile devices is usually unintentional. Often, the device’s owner doesn’t even realize they’re putting your data at risk. IT departments need to be aware of potential data loss scenarios when a user upgrades their personal device. For example, what happens when an Android user gets a new phone? Since Android is a Google OS, the user most likely uses the Google Sync technology to transfer data between their old phone and their new one. While there’s no malicious intent, the potential for data loss exists.
As you’re exploring options to ensure secure enterprise file sharing within your organization, consider information-centric methods of data protection. It’s much more effective to protect the data rather than the device it’s stored on. Look for a tool that allows you to manage information access rights in a multidimensional way. Ensure that you have end-to-end data security protocols in place to achieve the most secure enterprise file sharing possible.
Want to learn more about achieving secure enterprise file sharing within your organization? Download our free white paper, 6 Ways To Address New Risks Posed By Employee File Access & Sharing.