When using collaboration suites like Microsoft 365 or Google Workspace, chances are you’ve shared a file with someone at some point (e.g., documents, PDFs, videos, images).
Sharing files isn’t a problem. However, not managing external access to your files certainly is, and it represents a big security risk to your organization each day externally shared data remains unknown and unmanaged. Let’s be honest; most people in the organization focus on creating business value, not spending much time reviewing their shared files, right?
“The pressure to be productive is causing employees to put sensitive data at risk. Security and SharePoint professionals must understand where this content resides and how it is accessed and shared” – Ponemon Institute Chairman and Founder Dr. Larry Ponemon
We get it, but ignoring external access puts your organization at risk. Increasing research, including a recent Ponemon Institute survey, exposes how uncontrolled file sharing can plague organizations, and their IT leaders are starting to sweat. Let’s talk about the top five risks:
1. Security vulnerabilities
Shared files are an “open door” into your organization if they contain employee credentials, personal information, proprietary business data, or anything else sensitive that outsiders can use to bypass your security efforts.
According to Ponemon Institute’s survey, shared files pose security risks due to:
- Third parties accessing data they shouldn’t (84% of IT respondents agree)
- Employees accidentally exposing information (73% of IT respondents agree)
- Broken security management processes (48% of IT respondents agree)
- Hackers (28% of IT respondents agree)
- Malicious employees (19% of IT respondents agree)
The Ponemon Institute survey also found that 52% of an organization’s sensitive data is stored in SharePoint. With so much sensitive data living on solutions meant to be shared to promote and support collaboration, the risk only continues to grow.
2. Data leaks and breaches
According to a Verizon 2022 study, 82% of all leaks and breaches happen because of human error. Ponemon Institute’s survey adds that 63% of IT respondents say employees have accidentally shared files with unauthorized people outside the organization. As a result, 49% of surveyed organizations have experienced at least one file-sharing data breach in the past two years!
In addition, the Ponemon Institute survey highlights how not knowing who is sharing sensitive data or where it resides increases the risk of data breaches. Surprisingly enough:
- 79% of IT respondents feel they don’t have the right tools to protect sensitive data from accidental exposure
- 63% of IT respondents don’t know where sensitive data resides
- 49% of IT respondents believe existing tools aren’t effective when it comes to data protection
These findings demonstrate the need for having the right technologies to detect, protect and respond to unauthorized file-sharings.
3. Data loss and (un)governance
According to the University of Texas, 94% of companies suffering from a catastrophic data loss do not survive – 43% never reopen, and 51% close within two years.
File-sharing is convenient, but it poses serious data loss and data governance risks as “editor access” is the default sharing setting in collaboration suites. With such access, others can corrupt, delete, or even leak your files without your organization’s knowledge or consent. In Ponemon Institute’s survey, shared files pose risks since
- Employees don’t clean up sensitive files as required by policies (72% of IT respondents agree)
- Employees accidentally share files with unauthorized individuals (65% of IT respondents agree)
- Employees share files with unauthorized individuals outside the organization (63% of IT respondents agree)
Files shared with public links pose another data loss risk because they can invite search engines to index them, making the content accessible to everyone on the internet. This is one of the easiest ways for outsiders to access your files.
Knowing about your organization’s file-sharing exposure can help take the corrective measures required for a good data governance strategy.
4. Employee data theft
Big tech, tech unicorns, and top startups had 60,106 layoffs in November 2022 (based on data from TrueUp). Couple this stat with Verizon finding that 72% of departing employees admit to taking company data. As they have created and managed the data on the job, they think it belongs to them or simply will give them a leg up when pursuing new opportunities. However, such behavior usually violates the organization’s policy and causes serious risks under regulations like GDPR, ISO 27001, etc. and can result in lawsuits and financial losses.
Yet, perhaps unsurprisingly, Ponemon Institute found that 70% of surveyed organizations struggle to detect data thefts, as respondents don’t feel they have sufficient tools in place.
5. Privacy issues
137 out of 194 countries have some sort of privacy and data protection legislation put in place (GDPR, HIPAA, PIPL, LGPD, etc.). As a result, it could be incredibly expensive if employees accidentally or intentionally expose personal data. Under GDPR alone, violations organizations can be fined €20 million or 4% of the global annual revenue (whichever is highest) for failing to protect the privacy and data of EU citizens.
Fortunately, privacy laws resemble each other with the main objective to ensure citizens’ information is protected, secured, and managed in the best possible way. Oftentimes, organizations simply need to prove they’ve made every reasonable effort possible to protect sensitive and private information. Having tools and processes in place around file sharing is a great way to strengthen compliance.
Conclusion
Sharing files helps employees collaborate with external users on projects needed for creating value and business growth. However, unmanaged permissions pose various security, data governance, and privacy risks that could damage the organization’s financial and reputational situation.
Human error accounts for one of the biggest risks regarding accidental or intentional data exposures. So as more sensitive data gets stored on the cloud, organizations must equip themselves with the right technologies for detecting, protecting, and responding to any data exposure or unauthorized shared files.
Tricent gives you 100% control of your shared files in Microsoft 365 and Google Workspace. As an official Microsoft and Google partner, our tool meets their highest security standards.
Calculate your digital footprint.
If you are concerned about your company’s exposure level, try our FREE RISK CALCULATOR and get a benchmark estimate on your exposure to your external file sharing.
References:
CIO.com (2022) “The Benefits of Cloud-to-Cloud Backup”
https://www.cio.com/article/303998/the-benefits-of-cloud-to-cloud-backup.html
UNCTAD (2022) “Data Protection and Privacy Legislation Worldwide”
https://unctad.org/page/data-protection-and-privacy-legislation-worldwide
General Data Protection Regulation (GDPR), Article 83
https://gdpr.eu/article-83-conditions-for-imposing-administrative-fines
Ponemon Institute LLC (2017) “Handle with Care: Protecting Sensitive Data in Microsoft SharePoint, Collaboration Tools and File Share Applications in US, UK and German Organizations”
PR Newswire (2017) “One in Two Organizations Have Had a SharePoint Data Breach, According to New Study”
Verizon (2022) “Data Breach Investigations Report Master’s Guide”
https://www.verizon.com/business/resources/reports/dbir/
Verizon (2019) “Data Breach Investigations Report”
https://www.verizon.com/business/resources/reports/2019-data-breach-investigations-report.pdf
Objectivity (2022) “Google Hacking – How to Find Vulnerable Data Using Nothing but Google Search Engine”
CSO Online (2015) “Lost in the clouds: Your private data has been indexed by Google”
TrueUp (2023) “Tech Layoff Tracker”