Collaboration has been the word of the day for a long time now. We work in teams, we collaborate with external partners and we leverage all resources at our disposal. In order to function efficiently in this manner, we routinely give access to others to everything from our working files to our calendars. The challenge is this: you leave too many doors open and the wrong person might just walk in.
Keep outsiders out
One key best practice we encourage when it comes to giving outsiders access to your main data storage/sharing platform is that you don’t. From Box to Google you can specify that only users from your domain can access files in that work space. This means that you will not be able to share any documents with anyone outside your organization. From time to time, or depending on your job, this may cause some challenges. However, you can always download the file and email it or you can set up a temporary space where you house only those files you want to or need to share with outsiders. You may be thinking, “why do I want to go through all that trouble? Isn’t the point of cloud-based file sharing easy access to all?”
The answer is yes, but it is too easy to share the wrong information. For example, you invite an external collaborator to help you draft a proposal for a project. The project moves forward and that folder becomes the central repository of documents. It is now an internal project and possibly IP, financials and a myriad of other documents are now stored there - all along this external collaborator has access to it and no one has noticed. Scenario two, you send a link to give quick access to some key documents in a folder. Your email and link is forwarded to a team that may need to look over that information. While you sent the link to one person, any number of outsiders can now access information in that folder with that link. The possibilities go on and on. If you lock down sharing to only those in your domain, you are immediately barring anyone not in the company from access. It may be inconvenient at times to have to move a file to another space that is open, or to download and email a link, but the peace of mind and security you are enforcing internally will be worth the trouble.
So I share my calendar, what's the problem?
Many of us share our calendars so that we can easily find a time to meet with others, so that others can schedule time for us, or so that project teams can find an available time slot in our busy day. Additionally, any changes to an event are then sent to all users keeping everyone in the loop - that’s great right? It is but in the case of Google calendar for example, if you set your calendar to public anyone can find it in a Google search query - they don’t need a link to your calendar! Moreover, any new events default to public unless you manually change the setting for that event. Recently, an employee of Shopify gave unintentional access to company sensitive information, hiring practices, and links to internal company Zoom meetings all through their public access calendar.
Google is aware of this issue and there are many articles that go deeper on this particular issue but the fact remains that if you give others access to your information, you run a risk.
Many of the pitfalls associated with data being over shared unintentionally can be managed with tight data security policies that are implemented company-wide and at the application level.
If you want to learn more about how to lock down your company data, creating the right security policies for your company, or safe ways to share, contact us at Hybridge, we are here to help. Email us at info (at) hybridge.com
Share this blog: