A Definition of File Sharing Security
File sharing has grown in popularity and frequency as people work remotely and enterprises move to the cloud. However, any time employees use technology to share files between devices, there are security risks involved. File sharing can introduce risks of malware infection, hacking, and loss or exposure of sensitive information. Without proper security measures in place, the benefits of file sharing can be significantly outweighed by the potential for exposing your company’s sensitive data to new security threats.
The Prevalence of File Sharing
Elastica conducted a survey that analyzed 100 million files shared on the leading public cloud applications, and the results show that sensitive enterprise data is leaving company networks via web-based file sharing services at a staggering rate. According to Elastica, employees store an average of 2,037 files in the cloud. Twenty percent of those files that were “broadly shared” through file sharing services included some form of regulated data.
Specifically, Elastica determined that shared files often include personally identifiable information (PII), which is governed by data protection laws and industry standards. Other shared files frequently include personal heath information regulated by HIPA. It is clear that enterprise data is being put at risk of exposure as employees use consumer file-sharing services. The good news is that the survey found that only 5% of all users were responsible for 85% of “risk exposures,” such as sharing regulated data – a factor that could make file sharing security easier to tackle for some companies.
Another concerning issue emerging from the Elastica survey, however, is that 80% of the risky file sharing incidents involved “accidental” sharing by employees. In these instances, employees sharing files did so without any malicious intent behind their actions.
In contrast, 12% of the reported risky file-sharing incidents were caused by account takeovers by malicious parties, and 7% of the incidents were due to the actions of malicious insiders. Whether malicious or inadvertent, the risks posed by any of these file-sharing incidents have potentially catastrophic consequences for enterprises – particularly those that handle large amounts of sensitive data or those subject to data security regulations like PCI-DSS or HIPAA.
Steps Toward File Sharing Security
File sharing is a necessity for today’s enterprises, as employees and business partners become increasingly globalized and require access to electronic documents for increased productivity and collaboration. However, in order to avoid adding data security risks, enterprises should take the proper steps toward achieving file sharing security.
The first step towards effective file sharing security is to better educate all employees about the risks of sharing files, especially in terms of Shadow IT, or “the practice of employees using IT solutions that are not officially implemented and approved by an organization or its IT department.” This type of file sharing involves using personal email accounts, free cloud storage services, and other consumer file-sharing systems, as they may not meet the company’s security standards and are, in many cases, outside of the company’s existing security controls.
In addition to educating employees about the risks of file sharing, implementing a formal file sharing policy provides clarity and conveys the serious nature of the risks involved in such activities. Companies’ IT and security teams should evaluate the usage and security of consumer file-sharing systems to determine whether or not to allow their use and take measures to secure usage should they be allowed. Consider developing and adopting a file sharing policy that is specific about the use of all file sharing methods, including those that are cloud-based and among file sync-and-share applications.
Keep in mind that your IT department should have complete visibility into all file sharing apps used by your employees for sharing work-related data, and IT should be able to manage and control user access to sensitive enterprise data. It’s also a good idea to have regular training or awareness sessions to keep employees abreast of the risks of data loss or theft due to file sharing and to educate them on complying with the applicable regulations. Finally, you should conduct audits on a regular basis to analyze your enterprise’s file sharing practices and identify security risks requiring mitigation.
Benefits of a Data Protection Solution for File Sharing Security
The final line of defense in file sharing security is to invest in a data protection solution that protects against data loss and theft due to file sharing. Top data protection solutions deliver security for file sharing applications and cloud storage through a combination of access control, application control, endpoint control, network security appliances, and other proactive measures that effectively prevent the sharing of sensitive company information to unauthorized applications, endpoints, and users. The benefits of adopting a top data protection solution for file sharing security include:
- Continuous monitoring and visibility for all data interactions with web and cloud storage applications
- Granular file movement control based on browser and OS events involving web applications like SharePoint, Dropbox, and Google Apps
- Automatic classification and policy-based protection of data downloaded from web applications
- Forensic event logs for effective alerting, reporting, and policy creation
- Automatic encryption of sensitive data prior to egress
- API integration with leading file sharing applications to enable extension of corporate data security measures to the cloud
With the proliferation of cloud computing, it can be a major challenge for enterprises to effectively block employee usage of cloud storage and file sharing outright. However, with the right combination of employee education, comprehensive file sharing security policies, and data protection solutions for file sharing, organizations can reap the benefits of cloud computing and file sharing while minimizing the introduction of additional data security risks.
Digital Guardian for Compliance Technical Overview
Get the technical details on how Digital Guardian solutions protect on the network, at the endpoint, in the cloud, and discovers sensitive data.Download Now
Related ArticlesWhat is Device Control? A Device Control Definition
Learn about device control technology and how to implement device control solutions in your security program.What is AWS Security? Risks, Best Practices, and More
Learn about Amazon Web Services (AWS) security in Data Protection 101, our series on the fundamentals of information security.20 Information Security Tips for Hospitals
Encryption, monitoring data access, and ensuring there's a recovery plan in place: In this week's Data Protection 101 we countdown 20 information security tips designed to help hospitals better safeguard sensitive patient data.