by Rich Kenney, Vice President, TechSolutions, Inc.
Think of the last time you worked a full day without sharing a document or a picture with a coworker or a friend. You probably can’t. Often that sharing happens through standard email attachments, but file sharing services like Dropbox, Box, and SugarSync are used just as often. While using such services is perfectly acceptable in the world of personal computing, special considerations apply when they are brought into a business setting. Unfortunately, many business owners do not realize the gravity of the situation and thus allow or condone the use of personal-grade services to share files with coworkers, customers, and vendors. Those free services have no place in today’s business environment, yet they are used constantly in all sectors.
Why do employees use services such as Dropbox? Because they are easy to use and understand. Because they are free. Because “It’s what I use at home.” And because they don’t know any better. What they don’t understand is that the risk of data theft, loss, or corruption is greatly increased compared with a more secure and centrally managed solution. Additionally, using those free services significantly increases the possibility of lawsuits and of violating compliance requirements such as HIPAA or PCI. Also worth noting is the inclination of hackers to use compromised file sharing service accounts to gain access to the same set of corporate data that a C-level employee would have access to from his or her office computer, not to mention the trick of using those compromised accounts to spread malware and viruses.
IT administrators and business executives have a responsibility to get a handle on the use of these services on corporate assets. Enabling the efficiency of employees is always a key goal, but when the potential cost could be a multimillion-dollar lawsuit, restrictions and policies should be put in place. Many of the sharing services offer “business” or “enterprise” grade plans that usually cost between $10 and $30 per month, per user. Plans like these usually come complete with increased security, encryption, and centralized management. As an example, one business-grade service I have worked with in the past offers two-factor authentication, which allows for a second check, besides a username and password, that you are who you say you are. Additionally, file- and folder-level security settings such as read-only or no access are standard features. It also encrypts the data as it is transferred from one computer to another. And finally, it boasts a management portal that provides a centralized view of all connected devices and the ability to remotely wipe the data from a lost or stolen device.
Companies should learn from the mistakes of others and take steps to eliminate the use of free file sharing services in their environments. HR should create formalized policies forbidding their use, and those policies should be communicated down from top-level management. IT administrators should block the most commonly used applications at the corporate firewall level.
Assuming that a file sharing service would benefit the company and improve overall employee efficiency and collaboration, a business-grade application should be used in place of the personal-grade service. Yes, that would incur a relatively minor monthly charge that was not necessary before, but considering the alternatives of having documents containing sensitive information fall into the wrong hands or being sued for intellectual property damages, it would be a small price to pay.