Sharing data, files, and other important information is a major part of today’s digital business world. Between email, VoIP phone calls, cloud software programs, and everything else that your business needs on a daily basis, it’s impossible to avoid the exchange of information. But if you don’t have a secure strategy in place, you’re just asking for trouble.
What is Meant by a File-Sharing Policy?
Before we get too far into this issue, it’s important to explain what is meant by a file-sharing policy. While traditional peer-to-peer file sharing can be included in a file-sharing policy, the term is not used to exclusively describe this sort of behavior. A file-sharing policy deals with any exchange of private or confidential information between one party and another. This means email, SMS, and online chat logs are all examples of file-sharing behaviors.
When you develop a file-sharing policy for your company, you need to look at any and every process that involves the exchange of information. And since new technologies and processes are constantly being developed, this means you’ll be adding to your policy on a revolving basis. A file-sharing policy isn’t something that you create and let sit. It will need daily attention.
Four Things to Consider
Now that you have a slightly better understanding of the term, let’s take a closer look at some of the different elements you’ll want to consider as you draft and execute a file-sharing policy within your own company.
1. Crack Down on Email
If there’s one area where most businesses really screw up, it’s email. Today’s employees are so comfortable and familiar with email, they forget it can actually be a dangerous tool when used inappropriately.
The reality is that email is not a secure medium for sending, receiving, or opening confidential information. This is true for many reasons. First off, the devices of the sender and receiver aren’t always secure.
“Your email data is stored in ‘files’ on your device and there are programs that can access and read those files, these programs can even read and display attachments,” IT pro Christina Harbridge explains. “Rifling through email is the most common process of malware.”
Then there’s the fact that networks through which emails are sent can be compromised. Multiple network connections are accessed between the time an email is sent and when it’s received and there’s no guarantee that they’re all secure.
“The bottom line is that email technology does not provide a secure way to send, receive, and store sensitive documents,” says Phillip Vera of XMedius, a provider of advanced file-sharing technology. “Next-generation file exchange solutions have to be easy to deploy, use and manage, and must be able to integrate seamlessly with contemporary business workflows and procedures.”
As you flesh out the details of your company’s file-sharing policy, make sure you’re doing everything you possibly can to combat the risks of email.
2. Outlaw File-Sharing Services
Consumer file-sharing services should not be allowed in the workplace. While there are people who say they can be used so long as employees are educated on proper behavior, it’s simply not a good idea.
“The loss of sensitive or confidential business information is a huge problem for organizations. And consumer-grade file-sharing apps are inherently insecure and susceptible to data leakage,” security thought leader Larry Ponemon says. “It’s not just a technology problem, it's also a people problem. To paraphrase Bob Dylan, most people do what's most convenient and then they repent.”
3. Recognize the Risks of USB Drives
While USB drives aren’t used nearly as much as they were five or ten years ago, they’re still common in many organizations. But did you know that they actually pose a huge risk?
As Norton explains, criminals have developed malicious software that specifically targets these drives and can program firmware to hold malicious code. What’s even scarier is that this malicious code can be present even when the USB drive appears empty. It’s best to stick to sharing files in the cloud.
4. Don’t Just Implement….Educate!
If you’re going to take the time to develop a strong file-sharing policy that protects your business from malicious behavior, you need to expend the same amount of energy on education. Your employees need to not only understand the rules associated with the policy, but also the “why” behind the policy. This will help them develop more responsible and sustainable behavior patterns.
Strict is the Word
Every file-sharing policy will look different. Much depends on the technologies and tools you use, what sort of data your company interacts with on a daily basis, and how many employees work for the organization. And while it’s totally fine to shape a strategy around your specific needs, there’s no room for compromise when it comes to enforcing the policy.
Once you set a file-sharing policy, you must be willing to stand by it. As soon as you let something slide or turn a blind eye to a particular action, you’re undermining your own authority and relaying the message that the policy doesn’t really matter.
Make an example out of behavior that doesn’t align with the policy and be as strict as you possibly can. This isn’t about making people like you – it’s about protecting the best interests of the company.