Serving Up Corporate Data on a Silver Platter—Without Even Knowing It

The fastest-growing security threat in the workplace right now is the spread of consumer-grade file sharing solutions. According to an April 2013 Information Week article, Dropbox is the most widely used file sharing cloud platform; its customer list contains 2 million businesses, including 95 percent of the Fortune 500 company list. In addition, 600 million work files are saved by employees to Dropbox each week. And Dropbox isn't the only culprit (it is just the most popular).

It is a fact of corporate life that we all need to be able to collaborate with remote colleagues and work from a variety of locations to maximize productivity. Because there is a lack of secure, corporate-level options in the marketplace that allow for this, we rely on consumer-focused solutions like Dropbox. We upload corporate files to personal Dropbox accounts on desktop computers, laptops, phones, and home computers to easily share these files with multiple people who are also using a variety of devices. Although the majority of these people are well intentioned their actions have severe security implications.

Sharing company files via any platform other than secure, corporate-sanctioned solutions invites the following:

• Data Sprawl: Data is everywhere and, because content is all over the place, it becomes impossible to find files. This causes frustration and can halt productivity, but it also creates significant complications when critical files must be located for compliance audits.

• Increased Security Risk: When using consumer file sharing tools, your data is all over the place. As such, the number of ways someone could gain access to a confidential file increases exponentially, exposing your company to significant risk.

• Loss of Control: Consumer file sharing tools make it difficult, if not impossible, for IT resources to manage content in accordance with company- or government-specific compliance obligations.

While the government is trying to protect individuals (Senate Committee on Commerce, Science, and Transportation Chairman John "Jay" Rockefeller, D-W.Va., in January introduced the Data Security and Breach Notification Act that would require the Federal Trade Commission to issue security standards for companies that manage customer information.), it is up to SMBs to protect themselves.

If your employees use Dropbox, your organization must:

• Create a file sharing policy so that employees understand that they cannot store, share, or distribute work documents through non-sanctioned file sharing solutions on company-owned devices or any hardware that connects to the company network.
• Implement a secure, company-controlled technology to share files that effectively integrates with your company's existing file sharing infrastructure and provides an easy way to track, audit, and archive content and transactions.

Last Word
Awareness is the first step. While SMBs are becoming savvier about almost all business processes, the use of consumer grade file sharing solutions for corporate data has slipped under the radar—and severely increased digital attack vulnerabilities. In order to minimize organizational risk, businesses must adopt a better way to manage, authenticate, secure, and oversee all business files moved between people, systems, and devices. Stay productive, but stay protected.

Heinan Landa is the CEO of Optimal Networks, a company that provides comprehensive and strategic IT support, management, and consulting services, including managed IT services, a preeminent corporate cloud solution, and strategic IT assessments to law firms, associations, and small- to mid-sized businesses (SMBs). For more than two decades, Optimal has helped approximately 500 clients navigate the ever-increasing changes in technology to make sure their technology is "spotON" and supports their organization's success.