File Sharing - The uncontrollable risks

A recent study shows the extent to which private file-sharing applications such as Dropbox or Google Drive are also used to exchange business files. This creates significant security gaps and risks for companies.

In a broad-based study, EIM provider M-Files asked corporate users about their file sharing and synchronization habits. It became clear that file-sharing platforms known from private use, such as Dropbox, OneDrive, Box or Google Drive, are also widely used to store or exchange business information or even critical documents. This creates significant risks for businesses.


Files stored on private file-sharing applications are beyond any control of the enterprise. This creates a significant risk of unauthorized leakage of business data. In addition, file-sharing platforms bring a second, no less critical risk: with their own storage structures and repositories, they contribute in no small way to the ever-growing chaos of information and versions - a problem that, unfortunately, even secure file-sharing solutions operated internally by the company's own IT create.

Network file folders and e-mail as exchange channels are likewise not exempt from the problem of version chaos and duplication, even though these channels may only pose a medium risk from an IT security perspective.

The problem is more widespread than thought

Around two-thirds of the users surveyed use private file-sharing applications. Nearly half also use them to share business information. More than a third even use these platforms regularly to store and share business information.

This makes it clear that we are dealing with a widespread problem: The use of private file-sharing platforms to exchange and store business files is the rule rather than the exception.

The question that remains to be answered is whether the information being shared is non-critical or public information, or whether it includes confidential or business-critical information.

Sensitive information is also massively affected

The study also revealed a frightening picture here: almost half of users have also shared sensitive or confidential information via these platforms in the past, or stored it there.

A quarter of those surveyed are aware that problems and damage can arise for the company in the form of loss of confidential information or violations of compliance requirements. If these platforms are nevertheless used against one's better judgment, the demand in day-to-day business must be very high.

The problem is largely homemade

70 percent of respondents said their company did not have a policy prohibiting the use of private file-sharing platforms, or at least that they were not aware of it. This makes it clear that there is a significant information governance omission here.

One might be forgiven for suspecting that, for lack of knowledge or of available alternatives, people are deliberately looking the other way. This is a risky undertaking when you look at the amount of damage that has been done.

The safe alternative is file sharing from an ECM system

ECM or DMS systems with an integrated file-sharing function offer a safe solution to this problem. This was the case for 39 percent of the users surveyed. Files can be securely shared from the ECM system. However, the ECM system should have the following characteristics:

Checklist for secure file sharing from ECM/DMS systems

  • Uniqueness: Sharing is done directly from the repository of the ECM system, neither a copy nor an export is created.
  • Simplicity: The user should be able to create a secure hyperlink with a simple mouse click and provide it to external users.
  • Access control: It should be possible to restrict the time validity and the type (read/write permissions) of access.
  • Auditability: The ECM system monitors access to the file and provides comprehensive auditing capabilities.

If these characteristics are met, file sharing from an ECM/DMS solution offers a secure and risk-free alternative to file sharing via private file sharing applications or via special network drives.
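
One way to realize the access-control and auditability items of the checklist above, shown as an added example that is not part of the original article or of any ECM product's code: an HMAC-signed link token that references the document by its repository ID (no copy or export), carries an expiry and a read/write type, and records every access attempt. The signing key, document ID, recipient address and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: signing key held only by the server
AUDIT_LOG = []                    # assumption: stands in for the ECM audit trail
ALLOWED = {"read": {"read"}, "write": {"read", "write"}}  # link type -> operations

def _sign(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def create_share_link(doc_id, recipient, mode, ttl_seconds, now=None):
    """Issue a token that references the repository object; nothing is copied."""
    if mode not in ALLOWED:
        raise ValueError("mode must be 'read' or 'write'")
    now = time.time() if now is None else now
    claims = {"doc": doc_id, "to": recipient, "mode": mode,
              "exp": int(now + ttl_seconds)}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    AUDIT_LOG.append(("issued", doc_id, recipient, mode))
    return f"{payload}.{_sign(payload)}"

def access(token, operation, now=None):
    """Return the document id if the link permits the operation, else None."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        # Verify the signature before trusting any claim inside the token.
        if not hmac.compare_digest(sig, _sign(payload)):
            raise ValueError("signature mismatch")
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError):
        AUDIT_LOG.append(("denied", None, None, "invalid token"))
        return None
    if now >= claims["exp"]:
        reason = "expired"
    elif operation not in ALLOWED[claims["mode"]]:
        reason = "operation not permitted"
    else:
        AUDIT_LOG.append(("granted", claims["doc"], claims["to"], operation))
        return claims["doc"]
    AUDIT_LOG.append(("denied", claims["doc"], claims["to"], reason))
    return None

if __name__ == "__main__":
    link = create_share_link("DOC-1001", "partner@example.com", "read", 3600)
    print(access(link, "read"), access(link, "write"))
    for entry in AUDIT_LOG:
        print(entry)
```

Because the token is stateless, it cannot be withdrawn before its expiry; a production system would also check a server-side revocation list, which is outside this sketch.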
 

Concrete recommendation for action

Companies where employees still use private file-sharing applications such as Dropbox, Google Drive & Co. should address this challenge with the following two measures:

A clear policy should be developed that makes it clear to users what forms of file sharing and synchronization are permitted. The company must then ensure that this policy is also known to all users and that it is followed.

In addition, companies should implement an ECM solution with file sharing and collaboration capabilities - if they do not already have one - that allows users to easily access, share and collaborate on documents, both internally and with external users.
 

Copyright 2021 Suisse Key All Rights Reserved.