One organization learned the hard way that all the talk about the dangers of file-sharing services is no joke. Brighton, Massachusetts hospital St. Elizabeth’s Medical Center (SEMC) agreed to pay a hefty $218,000 fine for violating HIPAA regulations. The penalty was levied for a security breach caused by an employee’s irresponsible use of a popular online service and SEMC’s failure to properly secure the affected data.
Recent research from the Ponemon Institute suggests that file-sharing services aren’t just inherently evil, but still pose a major threat to information security due to the poor handling of the organizations that use them. According to the findings, most companies have policies in place that regulate usage, yet fail to effectively communicate them to end users. Additionally, nearly half of the 1000 respondents reported that their companies lack visibility into how employees are using these services, which is cause for all kinds of concern.
A Gift and a Curse
File-sharing services like Box, Dropbox, and Google Drive are especially useful for companies that regularly share documents with parties outside of the organization. Rather than being confined to the limitations of email, content managers can easily collaborate with freelance writers, designers, developers, and vendors in mutually seamless fashion. Getting up and running is painless, the software is super easy to use for even non-tech savvy users, and the platforms themselves run cheap in price. Most services give you a couple of gigs free then allow you to affordably buy more space as your storage needs increase.
Unfortunately, convenience comes at the cost of reliability as far as file-share security is concerned. Missing from the mainstream services is encryption and other key security features enterprises need to enjoy a peace of mind. Plus, the public nature of the cloud is cause enough to leave company leaders spooked over the thought of confidential documents leaking into the wrong hands. Combine that with the any time-anywhere nature file-sharing offers, and you have what many organizations fear is a compliance nightmare waiting to happen.
The most unsettling of all file-sharing risks has to relate to end users and how their false sense of security can end up costing companies dearly. Maybe it’s a new employee, not trained on how to properly use the system, who mistakenly deletes a whole heap of files for a huge project. According to the aforementioned research, 61 percent of respondents admitted to irresponsible practices such as this with regularity. The data shows that improper handling on the user end is as big a threat to file share security as hackers, malware, and other more customary nuisances.
Addressing the File Sharing Conundrum
With so much to lose, it’s no wonder that organizations are taking a strict approach to file-sharing, particularly the consumer-focused area of services. In fact, some companies prohibit their employees from using the mainstream platforms they probably freely use on their own personal time. Sure, it might seem like an extreme measure, but when a single slip up can cost you in security breaches and compliance penalties, an extreme approach is justified. From where we’re sitting, there are three practical ways to address the issue of file sharing services in the enterprise.
1. Block ’em: IT managers can nip this thing right in the bud by cutting off access to those popular file storage platforms. As MSPMentor revealed, the process of blocking file sharing services can be accomplished in a couple of ways. Admins can start by manually configuring hardware and software-based firewalls to prevent access to specific IP addresses. MSPMentor also recommends next generation firewalls due to their ability to provide more detailed control over restricting access from specific users and to specific services.
2. Cater to business needs: Wouldn’t it be great if there were something out there kind of like Dropbox or Google Drive, yet more secure? This dream platform can be a reality when you build it from the ground up. Companies can fill a huge void by custom building a solution that enables easy file sharing and collaboration while providing security features that make sure sensitive data stays in-house. Organizations that lack the resources to design their own can seek out alternatives on the emerging market of enterprise solutions. These platforms aim to pick up the slack by offering privacy and security features missing in consumer-oriented services.
3. Bite the bullet with caution: Have we reached a point where the business community needs to suck it up and fully embrace the file sharing revolution? Not yet, but dealing could actually be the best case scenario for some companies. Quite a few firms are taking advantage of popular cloud services through careful selection. Cost, storage, capacity, privacy settings, security features, and maximum file upload size are among several factors that should be taken into consider when trying to custom-fit the best solution for organizational needs.
Ponemon’s study found that just 54 percent of IT departments were involved in their company’s adoption of file sharing technology. Whether it’s focusing on a platform with enterprise-grade collaboration capabilities or something aimed at consumers, end users are burdened with responsibly handling the corporate documents that cross their path. IT must play an integral role in educating them on file sharing risks and proper usage before any specific application is deployed across the organization.
By: Contel Bradford