File sharing apps are great… but


Technology columnist MJ Shoer says file sharing apps, like Google Drive, provide greater efficiency for workers, but businesses need to have data protection policies in place.

The following was originally published on March 20, 2016 on Seacoastonline.com.

Box, Dropbox, Google Drive, OneDrive, these are all great file sharing applications. File sharing apps allow you to save your files and have them synchronize and be available wherever you need them.

File sharing apps make your data available in the Cloud and on your mobile devices and all of your computers. For example, when you save a file to your file sharing app on your Windows PC you will also be able to access it via your web browser from any computer you have access to. If you install the same file sharing app on your Mac, you’ll have access to the file there. Install the app on your iPhone, Android phone, iPad or Android tablet and you can see the files there, too.

File sharing apps are great for ensuring you have easy, intuitive access to your data wherever and whenever you need it. In early versions of these apps, access was not as intuitive as it is today. Today, most file sharing apps integrate nicely into your file management system. On a Windows PC, this is File Explorer. On a Mac, it’s the Finder. When you open your file management tool, ideally your file sharing app presents itself as another folder or drive that you may easily drag and drop your files to. All the same file management capabilities you use on your device exist in your file sharing app and more.

Sounds great, right? It is, but it comes with some risk you need to understand and, more importantly, manage.

Some additional features in file sharing apps allow you to share a file with someone who does not use the app. This makes it easy to send someone a link to a file you want them to access. You will also have the ability to password protect access in case the link winds up in unintended hands. This is one area where you need to be careful. As easy as it is to access your data, it is also easy to accidentally share files or even entire folders, without any safeguards, so be careful not to violate your company data protection policies.

Speaking of company policies, be sure any file sharing apps conform to your company IT and data privacy policies. Free file sharing apps like Dropbox proliferated quickly and made their way into corporate America with little oversight. Savvy businesses are beginning to implement file sharing apps that offer more security features to ensure company data is properly protected.

While still providing the ease and intuitiveness of the widely known file sharing apps, business-class file sharing is coming into its own. With the ability to brand and secure the file sharing apps to conform with company policy, these apps are providing IT and senior management with the protections they require for the important data that finds its way into these apps.

When working with file sharing apps in a corporate environment, sharing data goes beyond what devices a single person may access their data from. They often become collaborative platforms that allow multiple people to access the same data across their own devices and from any location. This can lead to version conflicts and lost updates as one person might be able to overwrite another’s work. In these instances, a critical feature is the ability to lock the file so only one user can update it until that person unlocks the files for others. This needs to be a seamless and semi-automatic process to protect the integrity of the data.

Auditing who accesses and shares what files and when is also critical in the workplace. For compliance and general good stewardship, you need to be able to track who last accessed your data. You also need to be able to remotely manage all devices using the file sharing app. If a device is lost or stolen or an employee is terminated, you need to be able to destroy company data on those devices to protect the company’s data and meet any compliance requirements you may have.

File sharing apps are a great productivity tool and enable people to work more efficiently. Deploying these apps in a corporate environment requires thoughtful planning, proper management and oversight. A little planning will go a long way toward ensuring you are able to use these apps and realize all the benefits while minimizing any risk.

Create your human firewalls

Tech columnist MJ Shoer says companies need to ensure their employees are trained to avoid being tricked into setting ransomware upon their networks and that users of the computers themselves are the last line of defense.

The following was originally published on March 6, 2016 on Seacoastonline.com.

Over the past two weeks, yet another new form of ransomware has been circulating the Internet and multiple companies have fallen victim to the scheme.

Ransomware is essentially an e-mail socially engineered to appear very real, tricking you into opening an attachment or clicking a link to bring malware onto your computer. From there, the malware encrypts your data, making it inaccessible. The only solution is to restore from a backup or pay a ransom to the criminals who create these threats to obtain a decryption key to regain access to your data.

The real issue around these threats is not how well your IT infrastructure is architected to prevent threats. Company networks with the best firewalls, anti-virus software and threat prevention systems have still fallen victim to these threats. This is because they are not only socially engineered to get a user to do the wrong thing and infect their network, they are also technically engineered to make their way past the network defenses by tricking the user to make them appear like legitimate traffic into the network. This is where the concept of the human firewall comes into play.

I continue to say that you, the user of your computer, are the last line of defense. You are the human firewall. Like a hardware firewall, you need to be set up properly to defend yourself, and this is where proper user education about threats and how to defeat them is critical. In today’s world, it is imperative that your company have a defined, regularly scheduled and monitored employee training program when it comes to IT security.

When designing and implementing an effective training program, consider this simple example. There are four major forms of e-mail attacks that target users: phishing, spear-phishing, executive whaling and CEO fraud. In this example, what each means is not what’s important. If you asked members of your staff if they know what each of these is and how they differ from one another, would they know? Most likely not, and this is just one type of attack vector. There are many others. The key question then becomes: how do you educate your employees so they know their risks, retain this information and take proper action when they are attacked? It’s not an if, it is a when.

When it comes to training your teams about IT security, try to avoid some of the common mistakes. Don’t stick your head in the sand and hope all will be well; it won’t. You also don’t want to throw training sessions, videos or tests at your staff during impromptu breaks or lunch meetings. This type of training needs to be treated with the same importance as the most important report you have to deliver to your most important customer.

Develop a comprehensive training program that incorporates multiple aspects of effective training methods. Combine your program with traditional methods, effective technology and simulations to demonstrate the types of risks your employees are likely to encounter. Start with a baseline that you expect all employees to understand and grow from there. Be sure your program includes random tests to validate that your staff is retaining this critical knowledge throughout the year. Be sure to get the buy-in of your executive team, as their support is crucial to the success of this program. Also keep in mind that executives are a specific target and may need more specialized training based on threats known to be targeting senior executives.

The key message is not to rely on technology alone to protect your critical information. Develop a solid and managed training program that will equip your employees to be the human firewalls that will allow your company to avoid falling victim to a breach, hack or theft.
