Best Practices: Policies for Using File Sync-and-Share Services
One of the most popular cloud applications for small and mid-size enterprises is file sync-and-share. It makes sense: people need to share files and most file sync-and-share services are easy to install and use.
If not properly managed, however, file sync-and-sharing can result in data breaches and loss, and can place your company in legal jeopardy.
To minimize these risks, we recommend all businesses enact a simple set of policies that are easy to communicate and explain … and easy to follow.
- Employees may use file sync-and-share services, provided they have an business need to do so, use only company approved and managed services, and adhere to company policies.
- Only company approved services should be used for file storage and sharing; employees may not use free, consumer, or public apps or services.
- Employees must keep their usernames and passwords for file sync-and-share services secure, and must manage these passwords in accordance with company policies.
- Only relevant business information may be stored are shared using the company’s file sync-and-share services.
- Unless otherwise instructed, file sync-and-share services are intended for temporary sharing of files. Original versions of files should reside on company file servers or services.
- Access to files should be removed, particularly by external parties, when no longer necessary.
- Copyrighted, private, or secure information should only be shared if both the sender and recipient are authorized to view and/or use the information. This information should be encrypted by the file sync-and-share service, or a separate tool, before it is shared.
- The company’s file sync-and-share services are subject central administration and management, including access controls and permissions.
- Use of the company’s file sync-and-share services is subject to all relevant company policies regarding professional and personal conduct. The company’s file sync-and-share services are subject to company monitoring in accordance with company policies.
With these policies in place, you can provide employees with vetted file sync-and-share services both meet employees’ needs to share and collaborate, while protecting your data, your regulatory compliance, and your business.