Imagine what would happen if someone shares or corrupts your organization’s business plans, financial data, employee or customer information. There are probably many scenarios in your head and all of them are bad. Maybe you have procedures in place for such instances, but what about mitigating the risks, so you’re less likely to experience data leaks and breaches in the first place? Simple strategies will go a long way and we have five great ones to get you started.
Co-create your organization’s file-sharing policy
You’d be surprised to learn how many companies don’t have a file-sharing policy. Governance, risk, and compliance (GRC); legal; and HR departments are undoubtedly aware that they should have one and have an idea of what the content should be, but they often lack the technical expertise to put it together. An IT department is invaluable in defining the technical aspects of file-sharing policies. Working across departments to form a well-rounded policy will give a technically accurate policy, as well as one that can be easily implemented.
Disallow or restrict “public” links
Public links are visible to everyone on the web and - in some cases - they can even be indexed by search engines. There are cases where companies accidentally expose employees’ social security numbers on Google. Not only is this a severe privacy breach, but it also harms your organization’s reputation. Disallowing public-link sharing is a good way to mitigate this concern.
Know who has access to your shared file platform
No matter what platform you’re using, it is essential to have visibility of who has access. Without knowing who has access to your organization’s files – both internally and externally – it’s hard to improve your data protection. Performing frequent audits, especially when there are major organizational or external changes is a great way to ensure an up-to-date overview.
Don’t restrict or block external sharing
This seems counterintuitive. But if you restrict or block external sharing, you risk ending up with Shadow IT. The thing is, people will find ways to bypass restrictions that interfere with their workflow and turn to unauthorized alternatives, as a means to share files instead. The paradox is that everything appears fine from an IT perspective while nobody knows the actual digital footprint. You’ll be far better off to not restrict or block external sharing, because you want to know what you’re dealing with – better the devil you know, as the saying goes.
Educating the end-users
IT can do a lot of work in terms of implementing systems and processes, but data protection will always be sensitive to human errors. It’s important to foster a good data security awareness by educating end-users on the potential risks. Be it through training sessions, listing policies in an employee handbook, creating video tutorials, etc. Regardless of your chosen method, it is essential to raise awareness on the risks to make data protection a company-wide effort.
Ball is in your court
Some strategies will be easy wins for you to start implementing today, whilst others require a more long-term effort. Most important is taking initiative to start building your data protection strategy and these five simple strategies are a great place to start.
If you want to dive deeper into this topic and get our file-sharing policy template, then please fill in the details below to receive our in-depth ebook.