When your team is creating an important business or legal document that runs into several hundreds of pages, the work is distributed, with specific sections and roles assigned to different members of the team. Everyone works individually, and the project manager collates all the information into a single file. Collaboration on the file is via email, primarily.
Breaking It Down: File Sharing
One of the prominent characteristics of Web 2.0 is the ability to generate content and quickly share it to a larger audience. Internet applications, such as email or file sharing apps can also be used as attack tools to cause security breaches.
Email attachments: The simplest form of file sharing is to send an attachment via email. But sending it to the wrong address can wreak havoc. A spelling mistake or oversight can send sensitive data to recipients for whom it is not intended, or get circulated among competitors. The domino effect of an email going to the wrong address can be dangerous, since retrieving it once it is sent is difficult.
File storage applications: Sensitive information can land in the wrong hands when shared in file format. A global study conducted by Checkpoint, spanning 888 companies across the world, shows that 80% of the companies reviewed had at least one file storage or file sharing application running on their networks. But the risks of cloud file sharing are also many, including different versions of the same file floating around – employees could be storing the same information in different cloud systems for easier access.
P2P: Peer to Peer or P2P file sharing networks are used to share files between users. P2P is an easy target for attackers, since they open a backdoor to networks and allow attackers to spread malware among files. Users could accidentally share folders and leak sensitive data, or even acquire media illegally. Checkpoint’s study showed that 61% of the organizations surveyed used P2P applications.
The Dangers Of File Sharing In Collaborative Work Environments
Data is most sensitive when a transaction is imminent. This could be a major financial transaction like the transfer of funds to another company, or legal documents pertaining to a new deal or dissolution of a company, or intellectual property. The ease of data compression and the mobility of devices which are used to store data (external hard drives, USB drives etc,) means that your confidential data could be anywhere at any point of time.
A global study by Cisco, spanning the US, UK, Germany, France, Italy, China, Japan, Australia, India and Brazil, gives a detailed account of the risk points in collaborative work environments. Some of the top reasons for data breach include:
Unauthorized applications: Checking personal emails, shopping online or installing messaging services on work devices makes your system an easy target for hackers. Most of these applications are unmonitored. Employees often bypass security settings to download music or access websites they are not supposed to. This gives hackers and cyber criminals easy access to files stored on those devices.
Almost 80% of the survey respondents admitted to using their work computers to check personal email while 63% said they use work computers for personal use on a daily basis.
Remote working and BYOD: There is a lot of data transfer and duplication that occurs when employees work remotely. Files are often transferred to home devices, which do not meet corporate IT standards, or worse, on mobile devices which are shared or can even get lost. Add to this the hazards of having a device stolen or left behind in a public place and you have serious cause for worry.
- Close to 50% of those surveyed admitted to transferring files between home and work computers.
- 13% of remote workers said that they cannot connect to their corporate network from home, and end up sending business emails to customers and colleagues from their personal email accounts.
- 75% of the survey respondents said they DID NOT use privacy guards when working remotely in a public place, like a coffee shop or café.
Next week, we’ll take a closer look at who exactly could be viewing your files and how you can co-author documents without data leaks or loss.