The future of work is distributed. This means securely collaborating and sharing content is now a standard requirement in the enterprise.
Protecting corporate information used to be easy. Everyone worked in the office on company-issued desktops. The corporate network was walled off, with only a select few permitted to access the VPN. Over time, however, laptops became the standard-issue computer. When the COVID-19 pandemic hit, working outside the organization's physical network became the default, not the exception.
Organizations that used only email for collaboration and sharing have come to see the flaws inherent in relying on email. Every organization needs a secure tool to collaborate and share files with clients, partners and themselves. These file sharing best practices can help organizations implement collaboration in a way that protects important data and promotes productivity.
Understand security needs
The first step in a file sharing strategy is understanding how to ensure security. Security best practices have evolved over time and continue to evolve. Replacing overly complex passwords with longer, simpler passphrases has helped, but organizations need to do more.
1. Pick a password manager
The average person has a lot of passwords to track across both work and personal accounts. People often have several passwords just for a variety of business tools, and not all of them are tied into single sign-on. A password manager can help users track their work passwords so that each one is secure and unique. If the organization requires them to change their passwords regularly, a password management tool is even more of a necessity.
2. Use multifactor authentication
Solid password management is not enough when it comes to file sharing best practices. If a person's email account is hacked, it allows hackers to reset those secure passwords. Requiring multifactor authentication (MFA), especially from outside the organization's network, protects the company's information assets. Any approach to sharing files that doesn't support MFA is not secure enough.
3. Audit access privileges
Tracking authentication and access to key systems is important. Not everyone needs full access to everything. When organizations grant more access than the employee needs, it increases the risk of a security breach, whether by a hacker or an insider -- even accidentally. Identifying and right-sizing the access employees have is a key file sharing best practice.
4. Use encryption
Encryption is critical. Most organizations recognize the need to encrypt information as it moves between systems. That same information needs to be encrypted at rest. That includes employee laptops, because many file sharing tools have sync-and-share features that store local copies of data. Syncing is a very useful feature, allowing for offline access and rapid access to files, but it also increases risk if a laptop is lost or stolen. Encrypting file storage both on the back end and the end-user device is a must.
Choose a secure file sharing tool
Once administrators understand the basic security requirements, the next step is to determine the right file sharing tool for an organization.
5. Adopt SaaS
Cloud services are a quick and easy way to begin securely collaborating and sharing files. Most SaaS tools provide the necessary security features, and they have large teams dedicated to providing security at scale. There may be challenges if an organization is spread over multiple countries with different privacy laws, but most large providers can help address those needs. Security is the top feature of these providers as they are only a data breach away from losing the trust of their customers. Options include Box, Dropbox, Egnyte, Google Drive, Tresorit and many others.
6. Use a VPN
A secure connection to the network for employees who are not in the office is a must. Even when deploying a SaaS tool for file sharing, there is always legacy information on internal networks that employees may need to access. VPNs protect that information from external networks that are not safe. Even an employee's home network is populated with devices that would not pass a cursory security check.
Implement a structure
Structure ensures that people can find information they need in the future. While it is easy for everyone to recall where last week's analysis is located, finding it a year later is harder. Search capabilities have come a long way, but imposing some high-level structure to file sharing and collaboration will pay dividends in the long run. Additionally, a structure allows administrators to grant more granular access rights to users. These methods of organization are a critical component of file sharing best practices.
7. Create the top-level structure
Organizations should create purpose-centric areas within their collaboration and file sharing tools. Every team has a different way of thinking and working, so IT needs to help users think through the structure of their file sharing. Administrators should do this for the first one or two levels of the folder structure. This technique creates some consistency across all collaboration areas and makes each group think about what they are trying to accomplish. IT can then structure access rights according to these folders. It is important for IT to not dictate the structure, however; when IT tries to get into the mind of the business, the result is often a poor user experience.
8. Set shared links to expire
A link is a quick way to share and grant permission to a file or a folder. Sharing a link should be easy because it prevents users from extracting information from the system for sharing purposes. However, when sharing outside of the organization, links should not last forever. External users do not need permanent access to any part of the organization. Setting expiration defaults for shared links ensures that external users do not have access to information after their need ends. If those external parties need extended access, employees can make active decisions to grant access for additional time instead of passively granting access forever.
9. Implement records retention policies
Every file is a record. Some records are trivial and can be disposed of quickly, like a company picnic announcement. Others, such as the annual budget, need to be kept around longer. IT must align records retention policies with both business and regulatory needs. Once an organization no longer needs certain information, remove it. That limits the scope of any data breach. The most valuable information is often the most recent, but there is no reason to unnecessarily expand your organization's risk profile.
Keep people informed
It is important to work with users to ensure that IT understands their needs and that employees understand their own responsibilities when it comes to file sharing best practices. That means communicating early and often with updates about progress, delays and anything that may affect users. This communication should include emails, meetings with open dialogue and most importantly, training.
10. Hands-on initial training
Every employee needs basic training on security risks. People need to understand the concerns and why simply collaborating through email is not secure. It is important to make sure that employees fully understand how file sharing tools can help meet their needs.
11. On-demand training
Many people take a training course and forget significant pieces of information. When it comes to using enterprise software, that is a problem. If an employee cannot recall how to do something, they will look for ways around the secure tools. Having quick tutorials available on demand can mitigate some of that risk.
12. Refresher training
The last thing most people want is more mandatory training. However, when it comes to security, regular training is the best approach. The security landscape changes all the time; helping staff understand the latest security risks is important to prevent accidental breaches.
Make employees' jobs easier
Following these file sharing best practices can help ensure that collaboration is efficient, organized and secure. But the most important part is to ensure that the tools makes things easier for people, not harder. Many organizations impose too much security and structure on their tools. This can force employees to find easier ways to collaborate, regardless of the security risks. Remember, if a system is too hard to use, people will find another way -- and that way will likely not be secure.