By Mark Edge, UK Country Manager at Brainloop
There’s one healthy habit that all small businesses need to adopt next year, or risk putting on a few pounds. Unlike a Christmas over-indulgence, these pounds could come in the shape of fines for breaches of regulations such as the new EU General Data Protection Regulation (GDPR). Designed to address the changing way businesses operate, the GDPR aims to tackle issues such as the protection of personal data on social networking sites and data stored and transferred in the Cloud. The GDPR will eventually affect companies of all sizes, so in 2016 small business owners should aim to prepare their data protection practices for the upcoming changes. A good place to start is to curb the bad file sharing habits that could be putting sensitive data at risk on a daily basis.
The security and productivity balancing act
The ability to quickly and easily collaborate with colleagues and partners is what keeps business moving. Unfortunately, practices that an employee might view as being productive and collaborative can actually be causing serious security headaches. In fact, PwC’s 2016 Global State of Information Security Survey found that the number one cause of security incidents in 2015 was current employees. Failing to address the risk posed by internal users leaves businesses vulnerable to entirely preventable breaches and data loss.
It is quite surprising just how many people still use simple email (and even personal email) to share sensitive business information and documents. Emails sent through popular office platforms, such as Outlook, are often unencrypted, meaning that once a user hits “send”, the content crosses a number of servers and can be viewed by unintended recipients. While this may not seem like a concern when simply saying “hello” or confirming meetings, it becomes a major vulnerability when exchanging sensitive or confidential information.
Consumer file sharing solutions such as Dropbox and WeTransfer have also found their way into the workplace, with employees attracted by their convenience, familiarity and the fact that they are free to use and easy to install. But sharing sensitive information using these public Cloud platforms can be problematic, as they offer very little in the way of in-built security and absolutely no visibility from an audit perspective.
Email and consumer file sharing solutions are not the only means by which employees share sensitive information. USB drives, Instant Messaging apps and printing out reams and reams of documents to send in the post each pose a real threat from a data protection standpoint.
So how can you break the habits?
The best way to break bad habits for storing and sharing sensitive information does not involve simply placing cumbersome restrictions upon employees. Security education is of course a crucial part of shaping employee behaviour, but it is impossible to develop a workforce that is fully trained in cyber security and always attentive. It therefore falls upon small business owners to use a combination of education and technology to protect their most sensitive data.
Whether working in the office, from home or whilst travelling, employees carry confidential data with them. They need to be made aware of their role in securing business information and should understand the amount of trust that has been placed in them to do so. This will help them to always think twice before sharing sensitive information using insecure methods.
In an increasingly collaborative world, most organisations have business partners, vendors and contractors who must also be trusted to receive sensitive information. This poses an issue as it is far more difficult to ensure external parties are trained to handle sensitive information in a secure manner. In this instance, it becomes especially important to implement technology that can control how and when data is reproduced and shared. While it may not always be possible to ensure that security procedures are adhered to, the use of technology is an effective means of enforcing policies when data is outside the boundaries of the organisation.
Secure file sharing is achievable and doesn’t require complex processes. The challenge is to give access to sensitive data and documents to those who need to view them, while keeping them protected from those who don’t. With that in mind, here are a few pointers to putting the right level of control in place to make secure file sharing work in your workplace:
- Data leaks are more often than not caused by careless, clueless or malicious actions. These three things should be taken into account when implementing security processes and technologies.
- Introduce a clear security policy, down to the document level, and ensure employees fully understand it.
- When assessing a file-sharing and collaboration solution, it is imperative that it is all-encompassing and fully integrated into a business’s workflow so that it doesn’t cause bottlenecks.
- Workforces are now highly mobile and so the solution should allow employees to securely manage and collaborate on documents both within the local IT infrastructure and also remotely.
- Don’t get caught between a solution that gives convenience and one that provides security. The two, along with an intuitive interface for less sophisticated users, should go hand in hand.
- Implement security that has very granular controls, such as prohibiting alterations, downloading and printing unless the user is authorised.
If you haven’t already done so, now is the best time to start preparing your business for the full implementation of the GDPR in 2017. When sharing data internally or with third parties, employees should be empowered with highly intuitive yet highly secure collaboration tools, which not only become second nature to use but also provide peace of mind that your most sensitive data is well protected.