The Risks of File Sharing: Is your Office Technology up to the challenge?
When it comes to office technology, one of IT’s biggest challenges today is employees sharing files online. With a plethora of cloud-based storage tools available and the growing popularity of BYOD (Bring Your Own Device) policies, it is becoming increasingly difficult for organisations to govern file sharing. And yet the relentless push for collaboration – any time, any place – means this is a challenge that must be answered.
The fact is, when it comes to office technology, employees will use the solution that is the easiest and most convenient. While email is the most common way to communicate for work, the constraints around file-size and storage create restrictions when sharing files over email. Also, sending sensitive company information via email makes it highly susceptible to outside threats as we recently discussed in our recent blog “Is your Business Technology doing enough to combat email security threats?”
So, that leaves cloud-based file-sharing services. These are online storage boxes where users can drop files of almost any size and give others permission to access them. Dropbox and Google Drive are amongst the most popular services, with Dropbox alone claiming over 500 million unique users in 2016.
With easy, convenient access to information anytime, anywhere, the advantages of file-sharing services are clear. But if your employees use personal accounts and free services designed for consumer use, such as Dropbox and Google Drive, they could be putting your business at risk. The consumer file-sharing services are simply not designed to work with office technology and protect business data.
Avoid the risks
Uncontrolled file sharing puts your organisation at risk. Problems include loss of Intellectual Property (IP), sensitive data leakage, loss of visibility and lack of control over where data is stored. There’s also the risk of compliance, regulatory and governance breaches.
But one of the biggest threats is ransomware. There are two types: lock screen ransomware prevents you from accessing your PC or files until you pay a “ransom, while encryption ransomware changes your files so you can’t open them and demands a ransom for the decryption keys. The latest research by CSO shows that cyber criminals are holding data for ransom at an alarming rate, with the number of ransomware attacks growing by more than 50% in 2016 compared to 2015.
Because ransomware is typically distributed via email attachments or web links, consumers and smaller business users are the most at risk, as they lack the protection of enterprise-level office technology. That said, with BYOD becoming increasingly common, employees in larger organisations are now at risk too.
How to control document sharing
Document security should be front of mind for all types and sizes of organisations. If you want to give your employees the ability to collaborate and be productive, you need to give them a way to share files that’s as easy to use as consumer-grade services, but with all the security provisions of office technology.
Here are five essential steps to keep business information protected:
- Use a business-grade file-sharing system
Consumer-grade services can put your organisation at risk of data leaks and other security threats, while also making compliance difficult. It’s imperative to use a business-grade service that provides the appropriate visibility and security controls. Find the right file-sharing solution designed specifically for business use, such as Citrix ShareFile Business and Microsoft OneDrive for Business.
- Continually backup data
Manual or even daily backup of files might not be enough; ensure your organisation has a way of continually backing up files. Copying files into the cloud is a sure-fire way of protecting the data against user device loss, theft or failure. File-sharing systems like Dropbox Business offer file recovery of up to 120 days (for the highest tier). Check what kind of backup is provided by your office technology.
- Listen to employees
There’s no point investing in office technology that employees won’t use – however secure it might be. Engage your employees and offer a solution they will support and abide by. For example, if they already use Dropbox, invest in Dropbox Business. If they use Google, offer G Suite by Google Cloud. Ease of use is imperative; consider how to make it seamless for users to access their account securely from their mobile device.
- Use two-factor authentication
Cyber criminals target passwords first. So, for maximum security, make sure your chosen solution has a two-factor authentication (2FA), where passwords are supplemented by a one-time code generated by a different device. Most big-brand file-sharing services offer this, with some also providing Single Sign-On (SSO) authentication.
- Train and educate users
Ensure employees understand the sensitivities of business information and the risks associated with file sharing. It’s imperative they know the secure ways of sharing files that have been approved by the business. Remember, the easier they find the process, the more likely they are to use it correctly.
Employees are going to share business files – this cannot be avoided. So if you are going to protect the business from threats, such as ransomware, providing secure and convenient file-sharing solutions is the key. Without the right office technology, employees will continue to use a variety of consumer-level file-sharing tools and put the business at risk. At Staples, our Technology Solutions experts provide a range of document security solutions to keep your business protected.
Leon is passionate about adding value to businesses to help improve efficiencies, productivity and increase profits. He takes the time to understand today’s business challenges to build cost effective solutions for Staples customers.