Friday, March 5, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Risk

Avoid Data Leaks: Make Content Sharing Safe and Compliant

by Glen Segal
May 27, 2014
in Risk
Avoid Data Leaks: Make Content Sharing Safe and Compliant

A staggering 822 million records were exposed by data breaches in 2013, according to research from Risk Based Security. The frequency and risk of data breaches compels companies to look at their network infrastructure and security processes and take appropriate actions to guard against inadvertent data leaks.

An often overlooked area vulnerable to unintentional data leaks is through the use of free online file sharing and syncing solutions. While most employees never consider using a non-corporate sponsored email system, those same employees would readily collaborate through a free file-sharing tool, because it is easier to use than what is available from their employer. Another risky situation arises when a group collaborates by sharing documents and files over email. Version control quickly spins out of control as the volume of email exchanges skyrockets due to the complexity and volume of the edits and to the number of people involved. Project groups then turn to free, ad-hoc file-sharing and collaboration services, which can lead to serious data leakage problems as content is copied onto non-secure public cloud servers.

Unfortunately, IT departments are often unaware of or turn a blind eye to ad hoc file-sharing activity, which tends to expand as projects and teams grow. Compounding the problem, many of these ad hoc file-sharing solutions offer little or no active user authentication, encryption, file tracking or audit controls. Either through malice or by accident, sensitive data can be disseminated outside of the corporate network without regard to corporate policy or security tools like encryption, content filtering or other security solutions that are likely deployed for corporate-sponsored tools, such as email. Further complicating the risk, many of these ad hoc sharing solutions locate servers outside the country in which the company or users reside, such as a European organization sharing files from a U.S.-based file-sharing service. This may inadvertently subject the users’ data to surveillance or control in unexpected jurisdictions.

The disclosure of sensitive files, lack of audit control or the transferring of data across jurisdictions may trigger a compliance breach, summoning the wrath of the regulator or a class-action lawsuit. The consequences can range from a company-wide audit to fines or criminal litigation. Worse, it is almost impossible to track down those at fault, because many of these ad hoc sharing services do not maintain proper audit trails.

Through conversations with enterprise customers, I know that breaches and other data compromises as a result of free file-sharing tools have happened more frequently than most companies care to admit. IT departments have responded in part by using next-generation firewall technology and web filtering to block certain websites. However, it can be hard to spot each new file-sharing variant. Every day it seems I read an announcement about the launch of the next great file-share and -sync company with a free user program. In addition, the employees using these free solutions may be the CEO or other high-level executives. It takes a brave system administrator to ban unsafe file sharing, even though not speaking up can put the company at risk.

Critical questions

Instead of ignoring the issue at hand, IT departments, security and compliance officers and senior managers should accept that employees need an easy way to collaborate without putting the company at risk. Although there are a plethora of competing products, a set of simple questions will help sort out the products that are up to the task and those which fall short.

1) Will employees be sharing sensitive or confidential information? If the material is sensitive or confidential, then there is a need for encryption both at rest and in transit, whether data is consumed on PCs or mobile devices.

2) Will employees share files and get input from multiple parties in and out of the company and be using different platforms and devices? If yes, then the solution must be extensible inside and outside the company, be usable on PCs and mobile devices, and have features for version control and file backups.

3) Do you need to be concerned with the location of stored information? If this is a concern, the solution must be able to be hosted in the appropriate geography for data sovereignty or in an on-premises private cloud that complies with international regulations.

4) Do you have compliance controls and authentication policies in place for email and other corporate programs?  If so, you will need the same level of controls and tracking for file sharing and syncing solutions as you maintain for your other corporate systems. For security and compliance, it may be essential to enforce an authentication policy or integrate with content-filtering solutions, as well as having a method to track access logs and remove user access when the project ends or if members are no longer with the company or partner community.

The days of turning a blind eye and ignoring ad hoc, BYOD solutions are over.  You should answer these four questions to set your company practices around sharing information to ensure compliance with industry standards and your own corporate policies. Avoid the worst-case scenario of sensitive data leaking outside the company. Take action now and put a compliant, corporate-enforced, secure file-share application in place.


Previous Post

Investment in Compliance Professionals Rising Too Slowly to Meet Increasing Compliance Risk: Deloitte/Compliance Week Survey

Next Post

Compliance and FIFA’s World Cup in Brazil: Why They Don’t Go Together

Glen Segal

Glen Segal joined Accellion as CFO and Senior Vice President of Finance in December 2002. He has over 20 years experience in finance, fund raising strategy and business development. He was a partner at Mercer Management Consulting and has held finance and strategy positions at GE and GE Capital, Nortel Networks and Bay Networks. Prior to joining Accellion he was CFO of FlowStorm, Inc. where his responsibilities included financial management and planning, fund raising, and administration. He has also served as VP of Finance and Corporate Development at FiberStreet where he spearheaded multiple initiatives in financing, business development and operations. Mr. Segal holds a BA degree in Economics from Whitman College and an MBA from the University of Chicago.  

Related Posts

blue road sign with arrow on black asphalt background

Dynamic Risk Governance: Linking Strategy and Risk Management

February 15, 2021
three red dice on green felt tabletop

The COVID Trio: 3 Top Risks from a Year of Upset

February 4, 2021
Deloitte: Global Risk Management Survey, 12th Edition

Deloitte: Global Risk Management Survey, 12th Edition

February 2, 2021
illustration of businessman holding giant shield to protect him from falling arrows

Is Your Risk Culture Aligned With the Realities of the Digital Age?

February 2, 2021
Next Post
Compliance and FIFA’s World Cup in Brazil: Why They Don’t Go Together

Compliance and FIFA’s World Cup in Brazil: Why They Don't Go Together

OneTrust offers download to demonstrate privacy management leadership
Access realtime data
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence ESG fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights