One of the things that working under COVID-19 lockdown has given us is insight into how our other halves work.
During a tea-break I popped downstairs and was present as my wife – a course administrator at a university – faced a challenge familiar to many: how to share a set of documents containing sensitive personal information with a group of people who are authorised to see them, but who are not all from the same organisation.
Fighting the temptation to jump in and shout “Want to buy a Vault!” I thought about the underlying challenge. I typically help clients think about how they tackle regular and frequent exchanges of documents with the same groups.
This was a different requirement to our usual work – helping clients create standardised and secure processes for exchanging information. This was ad-hoc sharing of documents: relatively infrequent – but often enough to be a risk – where the users, the documents and the purpose are different every time.
A Frequent Challenge with No Common Solution
This was an example from a university setting – but it’s common in any organisation where there are a lot of documents containing personal, sensitive or financial information. Off the top of my head I can think of scenarios covering Education, Health / Social Care, HR, Finance, Legal, Accounting – all areas where systems exist to cover everyday processes but which regularly experience ‘ad-hoc’ needs to exchange documents securely.
It leaves the employee with a tough choice:
- Don’t do it – unacceptable. Failure to do the job is not an option
- Get IT to create a solution. Fine for the first couple of times, but do IT Support really want to set up a micro-site in SharePoint EVERY time? And do they really want to hand over the keys to everybody and then have to support it?
- Cheat. Find a way with what they know: “Hey, I use Dropbox at home, it’s great – that’ll do the trick and the others will find it easy”
Security, Compliance and Cost Impacts
One recent survey highlighted that 70% of IT professionals knew or believed that their employees have business data residing within their personal file-sharing accounts. In another survey, 46% of employees admitted to using their own file-sharing solution to share confidential documents.
It’s a fair bet that in almost all of these cases, the data sharing actions by the user were legitimate business communications required to accomplish job responsibilities.
It’s a security and compliance nightmare. Personal, sensitive and financial data ends up where it shouldn’t be, with little or no control over it.
Sometimes employees appreciate that consumer-grade cloud file-sharing services like Dropbox aren’t fit for purpose, so they organise a subscription to the business version. Whilst this offers something of a security upgrade, there are still uncontrolled documents and software in play. ‘Shadow IT’ is also an unseen cost.
Does it need to be so difficult?
In short – No.
It starts with recognising the issue, then creating a simple set of rules that are easy for employees to follow, and then supporting those rules with access to a tool that is fit for purpose.
What do we recommend?
Safe-4 is the tool that we configure for our clients to enable them to share documents securely at scale.
It can also be provided as an easy and simple tool for regular business users.
This means that a simple rule can be deployed. If a document contains personal, financial or sensitive information and it needs sharing outside of the organisation – put it in a Vault.
An admin user can create a temporary Vault for the group in under a minute. Documents can be uploaded and shared securely in seconds – and when the Vault expires there’s no issue of ongoing, uncontrolled access. It is also better than a paid subscription to Dropbox or similar: it’s only necessary to pay for admin users.
SafeShare using Safe-4.com provides simplicity, control and compliance:
- Secure files, secure storage and secure transmission with end-to-end encryption
- Complete audit trails of all activity within the Vault
- UK-based hosting
- Easy sharing experience: users can initiate a secure exchange of files through a convenient and intuitive web interface
- Simple to roll out: set the rule “if it contains sensitive, personal or financial information – it must go in a Vault” and the easy-to-use tool can be provided with little or no user training required