Don't Let Unauthorized File Sharing Eclipse Information Governance Initiatives
We recently wrote a white paper about file sharing and the many problems unauthorized sharing can cause. In many cases, organizations struggle with unauthorized file sharing and don’t even know it. Usually, unauthorized sharing is caused by the use of personal file shares to access and store information. This behavior can be the result of a few things. Sometimes users just don’t want to work within their ECM or DMS. In other cases, they want the ability to work remotely, so they store their information in something like OneDrive or Google Drive. Finally, the cause can be that the organization has implemented too many systems, and users just want easy access to their content. Whatever the reason may be, you can’t let your users implement unauthorized ways to share content and eclipse your information governance initiatives.
Problems that can arise
To begin, storing content in unauthorized systems and file shares can lead to issues like social engineering or data breaches. Just recently, Verizon wireless was a victim of a version of social engineering. In this case, a third-party organization that houses Verizon’s customer data accidentally uploaded information onto a public cloud. The third-party addressed the mistake immediately, and the information was not compromised. However, with the implementation of the GDPR quickly approaching, Verizon would have been responsible, even though they did not commit the mistake, to pay a hefty fine for this sort of mishandling of information.
Another thing organizations have to be aware of is whether or not the content has to be stored within the country of origination. In the case of using a cloud file sharing solution, the servers the content is stored on may not live in the country of origin. For example, in Canada, based on which province your business is located in, and what industries your business is involved in, you are required to make sure data is stored within the country. For example, if you’re a medical researcher in Nova Scotia you will certainly be responsible for housing data in Canada. On the other side of things, if you’re a real estate agent in Manitoba, you would be able to store data across borders without penalty.
What do we suggest?
To start, you should find out why your users are working around IT-sanctioned systems to share or store content. Since these reasons can vary amongst users, be sure to do dig deep and talk to users across the different departments within the organization. Once you have done that, you should think of ways to better serve the needs of your users. That way your users don’t have to rely on unsanctioned workarounds to get their work done. Each organization is going to have a different response to this issue whether it be to integrate file shares into their governance plans or putting systems in place that don’t allow them to access certain file shares.
There are a few things that we can help with if you ever run into this issue. We enable the seamless use of disparate systems by synchronizing content, thus enabling your users to use file shares without eclipsing your information governance initiatives. Our solutions can also help you implement administrative oversight to keep users from working around IT sanction systems. Either way, integration and synchronization are going to be the best way to keep your information governance initiatives intact.