A survey by Kaspersky has revealed that accidental data sharing by staff now produces a greater amount of lost data than software vulnerabilities. 29% of respondents to the study reported they had suffered accidental data leaks by staff during 2014.
Whilst the study does not directly point a finger to consumer-file sharing apps like Dropbox and Google Drive, their increasing use in the enterprise cannot be denied. The security risks of using these consumer file-sharing apps for enterprise information are well documented.
Employees are using these sites because they are simple to use, are often free to use or can be purchased without officially requesting new infrastructure, and can be installed quickly on your own device without the involvement of IT.
> See also: How businesses are finding the silver lining in personal cloud apps
However, this is causing a major headache for IT departments frightened of losing control of files inside and outside the workplace, especially as compliance requires knowledge of and control over the data’s location.
And with no centralised management or security, these consumer-grade file-sharing platforms can be a nightmare for IT administrators.
The problem with consumer file sharing tools is that this type of file sharing is usually based on the public cloud. Sharing high-value confidential and sensitive data on public platforms such as Dropbox creates real security and compliance risks.
Under the Data Protection Act 1998, when a business loses personal data, the Information Commissioner's Office (ICO) has the power to fine it up to £500,000 and even in extreme cases send individuals to prison.
What makes this an even bigger issue is that personal data has a wide definition – namely, any information that can be used to identify an individual. Businesses who don’t flag this up will one day be caught out and could face very hefty fines.
But secure file sharing and collaboration is possible and does not have to be complex. IT departments responsible for data security know confidential data must be made accessible to those with a need-to-know and protected from access by others.
The challenge is putting the right levels of control in place to ensure the business workflow runs smoothly.
A holistic approach to data security and file sharing in business in the 24/7 digital economy is the best way forward. It will not be long before businesses start to ban the use of consumer storage platforms such as Dropbox in the workplace. So it makes sense to tackle the so-called ‘Dropbox Dilemma’ in your workplace now.
Here are a few pointers to putting the right level of control in place to make secure file sharing work in your workplace:
When looking for an alternative enterprise-ready file sharing and collaboration solution it is important that it is all encompassing. It needs to be intuitive and integrated into the business workflow so as not to cause bottlenecks and backdoor leaks.
With an increasingly mobile workforce, the solution must allow employees to securely manage and collaborate on confidential documents and other information both within the local IT infrastructure and also remotely – i.e. across the Internet and on mobile devices.
Don’t be caught out by opting for a solution that will force you to choose between convenience and security. The two, along with an intuitive interface for less sophisticated users, should go hand in hand.
> See also: Does Dropbox's IPO signal the beginning of the end of the cloud storage wars?
Data leaks are usually down to three types: the careless, the clueless and the malicious. Cover these off on your security protection and you are eliminating the majority of risk that affects companies.
Establish a clear policy for document security in the workplace and ensure that all employees understand it.
Highly confidential data should be pinned down and accessed only on a need-to-know basis.
Put security options in place that prohibits changes being made to documents unless authorised.
Even if you ban certain file sharing programmes, some people might still try and install them. It is important to monitor and audit your network on a regular basis. Scan activity logs on a daily basis to check for any unauthorised activity on the network.
And don’t forget – having secure file sharing in place can improve your bottom line as it significantly reduces the risk of losing sensitive business information as well as financial vulnerabilities linked to failing to comply with laws and regulations.
By making security your goal and establishing exactly the level of security you need in place for file sharing and collaboration you can stop worrying about security threats and get on with the job in hand – running a successful business that can take full advantage of growth opportunities.
Sourced from Mark Edge, UK Country Manager, Brainloop
