Many organizations consider blocking external collaboration a viable option for protecting their files from security and compliance risks. And it makes sense as privacy laws are getting stricter, regulators are becoming more vigilant of non-compliance practices, and cyber attacks keep growing.
Whilst being too permissive is dangerous, so is being too restrictive. The problem is that people will always find a way to circumvent tedious processes. And we have seen plenty of real business cases that prove this point. Here are just a few scenarios.
A customer asks you to send over their files, which contain sensitive data. External sharing is blocked for your organization, so you decide to send an email attachment instead. Then, you realize that you’ve accidentally sent it to the wrong recipient! The email cannot be revoked and you have no control of whether the data gets printed, downloaded, copied, forwarded, and even hijacked. You have now committed a data breach.
Your company’s policy is to have one platform for internal use and a different one for external. Having two sharing systems is tedious and confusing, so some of your staff start uploading internal documents to Dropbox as well. Little do they know that external parties now have access to the documents and, worst of all, your IT department is not even aware of the issue. Your company is now facing serious non-compliance charges.
The product team wants to develop a new market solution, but it needs some help from an external agency. They ask you to share all the product material and plans with them, but you can’t, as external sharing has been blocked on your platform. So you decide to download the files to your local computer, to upload everything elsewhere and create a shareable link. It works! However, your company has no idea of who’s accessing what, and whether the files get shared with any unauthorized parties. If that’s the case, you’re a victim of data loss and potential competitive disadvantage.
What to do?
If being too permissive or too restrictive is harmful, then it’s a question of finding the right balance between the two. To avoid the risks of bypassing restrictions, opening external sharing might paradoxically be the safer choice - that is, if it’s done with the right protocols. Opening external sharing will not only allow you to revoke access in case of human error, but it also allows for a more effective way to collaborate with external users.