This blog post is the third in a series on the data risks and solutions available for file sync and sharing services.
In the first two posts in this series, we focused on some of the risks and basic concepts for file sync and sharing services. In this post, we focus on ways to mitigate risks.
Provide Employees with an Approved File Sharing Service. As we have noted in our prior posts, if you do not provide an approved service, employees will sign up for and use one of their own. The difference? With an approved services, you have access to your employees’ data and clear ownership of the information. You can also monitor and manage for adoption, usage, and (if desired) adherence to policies.
Have a Clear Policy. Let employees know that personal and company data and systems are to remain separate, and why. Provide a list of approved file sharing and sync services, as well as a clear an concise statement which other services may not be used (i.e., all others) and why. The policy should include consequences for violations, along with a means for approved exceptions.
Block or Blacklist Unauthorized Tools. For many organizations without decent web filtering services in place, this recommendation will be difficult to implement.
Audit Workstations for Unauthorized Use. Beyond application monitoring, when you scan workstations for application inventories, look to see if sync service agents have been installed.
With a moderate planning effort and reasonable monitoring and enforcement efforts, businesses can take advantage of the conveniences that file sharing and sync services offer, without exposing data to unnecessary risk and loss.