Does your business have a handle on all the ways employees share information across departments and with others outside your organization?
In an effort to improve productivity and efficiencies, employees often use unauthorized cloud-based applications or other workarounds to exchange files. The use of unauthorized software and devices is known as Shadow IT because it often slips under the radar of most IT departments or falls outside of established protocols. Such practices can expose networks to potential compliance violations, data loss or malicious cyberattacks.
How can your employees share files without leaving your systems vulnerable? Let’s look at various risks of the most common file sharing methods and best practice tips for mitigating those risks.
Sending Files Through Email
Arguably, the most common method of file sharing is email. For decades, users have transferred sensitive information through various email platforms to the chagrin of most IT and compliance departments. Aside from being a security risk, email is an unreliable method of file transfer — sent information could end up in a spam folder, be blocked by a recipient’s IT department or end up being forwarded to unauthorized recipients.
It’s just too easy to mistakenly share sensitive data or succumb to a hacker’s deceptive tactics through email. Have you ever composed (and sent) an email after the program auto-filled the recipient’s name from your address book incorrectly? That’s all it takes to leak confidential or proprietary information into the wrong hands. Additionally, email continues to be the number one way cybercriminals access networks, and it should never be used to send confidential information.
Best Practice Tips: Establish and reinforce policies regarding sharing information through email and provide alternative authorized methods for file sharing. Minimize the risks of hackers accessing your systems through email by educating employees about how to recognize signs of a phishing scam.
Using File Sharing Software
When email isn’t an option, resourceful employees may turn to file sharing software to send information, but not all file share programs offer robust security. There are several excellent file sharing software platforms being leveraged by businesses today, each with its pros and cons. Google Drive, Microsoft OneDrive, Dropbox and others help companies organize documents and connect across departments and across the globe.
Even reputable file sharing platforms have their risks, however. Because they’re typically easy to use, these platforms can also sometimes be easy to access by unauthorized users or would-be cybercriminals. One of the simplest ways this occurs is when employees mistakenly give access to entire folders and subfolders when they intended to only give access to a single file.
Best Practice Tips: When selecting file sharing software, dissuade users from finding workarounds by ensuring that it’s user friendly. Require password protection or encryption for confidential files and insist that employees are trained on how to properly save and share files within your authorized platform. Continue to monitor activity and send reminders about its proper use.
Sharing Through Social Media
Many businesses allow the use of social media while at work and even encourage employees to remain active on various social channels to build their professional networks and keep abreast of current industry trends. As a result, some employees use those platforms to communicate and share information, proposals or other documentation via private messaging features.
If you’re on any social media platform, you’ve inevitably heard of acquaintances whose personal profiles were hacked, or who’ve had fake accounts set up in their names. As with email phishing scams, it only takes one click on a sensational headline containing a malicious link to give a hacker access to your entire social network and any information contained therein. This might include personal identifying information, passwords, photos and any business documentation or information sent through messaging apps.
Best Practice Tips: Establish a social media policy that outlines acceptable practices for work and prohibit the sharing of business documentation via social media. Clearly communicate expectations and potential consequences and provide resources to educate employees on how to keep accounts secure.
Using External Devices
Some employees simply find it more convenient to use a USB flash drive or other device to transfer files. Once files are housed on external devices, there is no control over how the information contained on them is shared, and those devices can easily be lost and discovered by unauthorized recipients.
The transfer or storage of corporate files via smartphones or other personal devices also creates a risk that hackers will intercept information, especially when done over unsecured Wi-Fi networks. And once an employee leaves your company, there’s no way to guarantee that information doesn’t leave with them and end up in the hands of your competitor. As remote workplaces become more commonplace, IT departments need to protect data both inside and outside their organizations.
Best Practice Tips: Establish a bring-your-own-device (BYOD) policy at work. Restrict the use of personal devices for work to employees whose job functions truly necessitate it, and keep detailed records of all employee-owned devices that contain corporate data.
Retaining control over how information is shared is a growing challenge as more platforms are implemented by organizations and the population as a whole becomes more comfortable and resourceful when using technology. It’s important for companies to thoroughly assess their current IT protocols and implement a strategy for mitigating the risks associated with file sharing and other security threats.
Contact the IT experts at Gordon Flesch Company for a free assessment and proposal for managing your technology, along with implementing the right solutions to help keep your systems secure by empowering employees with the tools they need.