The unauthorised use of personal file-sharing apps at work is a growing problem that can no longer be swept under the rug and ignored. On one hand these services, such as Dropbox and Google G Suite, can help employees to collaborate and share information. On the other, they often lack adequate security controls. That means countless numbers of employees around the world who share company information through such platforms are inadvertently putting their organisations at risk of information security breaches and data loss.
Most employees don’t realise the dangers that can arise from the unsanctioned use of personal file sharing services in the business environment. A survey conducted by M-Files found at least 50 per cent of employees have used unauthorised file sharing and sync solutions to share or store sensitive company information.
The real problem is that when employees use consumer file sharing services to share company information that data is taken outside of the company’s IT environment, often onto external servers and where data’s privacy settings are beyond the control of the enterprise. This reality increases the risks of data leakage, security vulnerabilities, and ultimately damage to the business.
Why are employees using their personal file sharing apps at work?
The unauthorised use of personal file-sharing apps represents a battle between usability and security. Employees who use these services are sending a clear message: They cannot afford slowdowns or be expected to jump through perceived hoops to send and share information and files that enable them to do their jobs. If organisations do not provide the tools that employees need to share information and collaborate with internal and external entities – or if the processes are too difficult to use - then users will take matters into their own hands.
Said another way, the fact that unauthorised use of personal file sharing apps are gaining a foothold in organisations points to an unmet need. Employees find these tools more accessible and easier to use than ones provided by their company. They want simple, intuitive solutions that are mobile friendly and more like the consumer apps they use in their personal lives. Unfortunately, too few companies have equipped their employees with enterprise software applications that meet that expectation. This in turn is fuelling the continued unauthorised, unsupported and unmonitored use of personal file-sharing apps in the workplace.
Corporate IT is not completely blind the problem. According to a recent ESG survey, an overwhelming 70 per cent of IT managers said they know or believe that their employees have business data residing within their personal file-sharing accounts. Apparently, they are ignoring the threat or don’t know how to effectively address the issue.
Some companies have tried implementing strict policies banning the use of these services, but these rules are difficult to enforce. Tracking information and documents in an increasingly mobile work environment is daunting, especially with the growing volume and variety of content being generated and stored in multiple business applications and cloud environments.
The reality is, trying to forbid employees from seeking alternatives is a losing proposition if the official, sanctioned software is not as good as the consumer options. Organisations need to balance security and data protection against their employees need for a simple solution for sharing documents and collaborating with individuals and businesses outside of their organisation.
What’s the solution?
Clearly, a key to success for organisations looking to curb the use of unauthorised file sharing is to ensure that company-provided solutions are as simple to use as their personal apps. Give employees a solution that makes it easy for them to collaborate and share information, and it will take away the incentive for them to look elsewhere.
Fortunately, there are solutions that allow companies to maintain strict control over their information assets without stifling collaboration. Using the right technologies can provide employees with the convenience, ease of use and speed they demand, while IT managers retain control, visibility, and security.
That’s where enterprise content management (ECM) systems come into play. Next generation ECM solutions provide an intelligent yet easy-to-use approach that meets the usability needs of employees without compromising security and data governance. In other words, ECM systems provide the best of both worlds.
What’s more, modern ECM systems also provide organisations audit trails and granular, metadata-driven access controls that can enable companies to know who accessed what and when – and even block user accounts, if needed.
And there are other benefits as well. For example, ECM solutions can deliver built-in version control and workflow capabilities to ensure employees have easy access to most up-to-date information. They also provide faster and more intuitive search capabilities that can be extended with integrations to business content residing within existing business systems and repositories. Businesses get the necessary levels of control and security they need for storing and sharing content – while employees benefit from using a collaboration tool that is just as easy to use as popular consumer-grade file-sharing platforms.
Of course technology can only do so much, there also needs to be awareness, education and training so that employees are knowledgeable about the dangers involved. Employees need to understand what tools they can and can’t use, and what information they can and can’t share. They need to know that unauthorised file sharing is risky business that can cause data security nightmares.
But to address the root of the problem, companies need to take proactive steps to provide an alternate solution that is equally fast and easy to use, but also provides the necessary levels of control and security - such as next generation ECM systems.
After all, sharing files and other information with colleagues and clients should be easy and convenient. What it shouldn’t be is a security risk.
Mika Javanainen, Vice President of Product Management, M-Files Corporation
Image Credit: Rawpixel.com / Shutterstock