The storage and sharing of corporate data has come a long way in the past century. Filing cabinets and storage units full of cardboard boxes are becoming less and less common as technology has paved the way to new ways of doing things.
As companies expand to occupy multiple locations across the globe and accommodate remote workers and teams, the cloud has become an integral part of how information is stored, shared, delivered, updated, edited, and more. Unfortunately, recent polls by FICO shows that 36 per cent of Canadian firms do not have insurance against any cyberattack.
While the cloud offers many great benefits—for example, co-authored documents that allow multiple people to see updates in real time—it also brings with it a bevy of potential security risks.
Security concerns of file sharing
Online file sharing, whether through the cloud or via email, is an incredible business asset—when properly implemented. If it’s misused, however, it also becomes an incredible liability.
Suddenly, all of your business’s data, including sensitive information, employee records, and strategic data, is vulnerable and at risk of being discovered by outsiders.
What is particularly troubling is that 80 per cent of data leaks that do occur are entirely accidental. These happen not because of a hacker or industrial espionage, but because of simple human error. If you don’t want to make sure your company doesn’t contribute to that statistic, then there are several clear, concrete steps to take.
Educate employees on the risks
It all begins with your employees. If the people who work for you don’t understand the risk inherent in irresponsible file sharing practices, they’re immensely more likely to continue those poor practices. By educating them on the dangers of file sharing and leaked data, you are empowering them to make informed decisions in how to they do their job from day to day.
It’s important to impress upon your employees that they should never use their personal email accounts to send work-related documents, that they should not use apps or services that have not been approved by your IT department of CIO/CISO, and that they should keep a strong password—weak passwords (i.e. “123456,” “passw0rd,” “companyname123,” the list goes on) are a major security risk, and one of the easiest to remedy. They should also be reminded to keep enterprise applications as up-to-date as possible, since most updates include security patches to cover new and emerging threats.
Remind your employees that they play an important role in protecting the security and privacy of the company, and give them the tools to live up to that expectation.
Use business-grade tools
While cloud-based file sharing apps like Google Drive, Dropbox and free web hosting solutions are fantastic for personal use, they’re made with exactly that in mind—personal use. They aren’t equipped with the same features that make enterprise solutions so secure. If you’re going to employ a cloud-based storage solution for your business, then pay extra for one that has end-to-end encryption of at least 128 bits (though higher doesn’t hurt). If it can be integrated with other services, such as email, then that’s even better.
BYOD also presents security risks, though these can be mitigated by using devices and apps that stand up to rigorous security tests. Again, the importance of keeping enterprise applications up-to-date is paramount.
Implement a formal file sharing policy
The best defense against the risks posed by poor file sharing practices is to leave nothing to chance. This means sitting down with either the IT department in your company, or an IT or cyber security consultant, and addressing every possible angle. What does your file sharing system need to accomplish? Are you avoiding free VPN software that could cause security breach down the line? What risks are there? How do you protect against those risks? How can you prevent the usage of applications not approved under the policy? Is the solution scalable? Can it be adapted to meet new challenges?
Once you have drafted a formal file sharing policy, put it into practice. Make sure that employees are familiar with it, that they know the importance of only using approved, secure applications, and that they understand the dangers of failing to do so. Keep your policy up-to-date to address new risks and always maintain the security of your cloud infrastructure.
File sharing is easy and convenient, and sometimes that’s what can make it dangerous. But as long as you’re cautious of the potential risks, all your files should be safe and protected from unwelcome gazes.