It seemed innocent enough. Your client needed a file. You shared the file. In the aftermath, it might take a while before it is all traced back to you. But your innocent little action just brought down your company, and your client’s company as well. Now wake up and realize that the nightmare is real. It happens every day. It just may not have happened to you, yet. But it can. There is nothing preventing it. Hope and luck are not strategies. Here are some critical things you need to know before you share another file:
A Business Needs a Business-grade Solution
It may be very tempting to use inexpensive, consumer file sharing products that would initially save your company a lot of time and money. But that is the kind of thinking that can destroy your business. This often happens when people go from consumer to sole proprietor of a small business. They feel like the solutions they have been using would work just as well for their business. What they don’t realize is that a business has to have a business-grade solution. This sentiment is echoed by one of the companies that offers a secure Dropbox alternative for enterprise:
When business users need to quickly share files or documents, they often turn to non-sanctioned, consumer-oriented tools that do not meet corporate security and compliance mandates. Although they are not purposely trying to go rogue or be malicious, the potential loss of financial information, HR information, intellectual property, and other sensitive data can be devastating to a company. In some cases, it can result in fines and sanctions if the data has regulatory implications.
A Need to Know Basis
The astonishing thing to me is just how frequently companies overshare when it comes to information. They are constantly disclosing information that is not actually necessary for the transaction.
We are getting a lot better about that sort of thing as time progresses. But businesses still have a problem with oversharing. I still get handed business cards with personal cell phone numbers. That level of accessibility is inappropriate for a business relationship. It is actually okay if there is some point in the day when a client cannot reach you.
The problem is a matter of perspective. Rather than asking how much you can share with a client without sharing too much, ask how little you can get away with sharing without sharing too little. It is not just about the person with whom you are sharing information. It is also about anyone else who might gain access to that file outside of the information chain.
You sent the information over a secure network. The person reads the information on a large monitor in view of whoever might be standing behind him. If one person can read it, so can another. You have to think about what information you have released if it ends up in the wrong hands. Share only relevant information. And do so as if you suspect whatever you share will leave the information chain.
Even Files Need Passwords
Passwords are not just for Facebook logins. They are for everything. I suspect that we are not many years away from refrigerators with passwords. In the meantime, a refrigerator has already been used to hack a business. It is not enough to put sensitive files on a computer that has a password. Each file needs its own password. In the most recent Sony hack, their sensitive files had passwords. But the password file was in plain text and clearly marked. It seems the file holding all the passwords didn’t have a password.
It is easy to poke fun at a security breach that happens to someone else. If your company does not take file security seriously, then it is only a matter of time before it happens to you.