Three steps to prevent your employees from using unsanctioned cloud-based file sharing tools
By: Glen Gibson, Hyland director of product and solution marketing
If your employees are using cloud-based file sharing tools that you don’t want them to use, you’re likely aware of the challenges this creates within your organization and your information strategy. In a recent AIIM research report, organizations identified their three biggest areas of concern:
- Lack of visibility into what’s being shared and where it is located
- Inability to control who is sharing and accessing your information
- Risk of unintentional access being granted
Keeping these challenges in mind, how can you empower your employees to get their jobs done while preventing them from using unsanctioned tools? Beyond the obvious step of restricting access to URLs for certain cloud-based products, there are three essential steps you can take to ensure safe content sharing:
Step 1: Educate your employees
When asked how their organizations are addressing information-sharing challenges today, a staggering 65 percent of respondents in the AIIM study cited education as their primary method of defense.
Admittedly, at first I was a bit taken aback by this stat. I expected a more tangible answer to combatting unauthorized sharing methods – such as technology or strict policy enforcement. However, during the recent AIIM Conference in New Orleans, I hosted a roundtable on this very topic, and the conversation echoed the idea of education first.
“Employees are just trying to get their jobs done; they don’t want to comprise information, they just don’t understand the full implications,” said one attendee in the room.
Another chimed in: “In fact, if employees knew they were putting the organization at risk, they wouldn’t do it.”
In light of this discussion, I started to rethink how I was approaching the topic. I wondered: How can you empower someone to do something while making them aware of the risks of a bad decision? I was instantly taken back to something we all learned as children: “Stop, Look and Listen.”
Those three words, drilled into my head in my youth, are still somewhere in my consciousness every time I cross the road. I make sure to drill this same lesson into my two young children’s minds on a daily basis. I can’t stop them from crossing the road. In fact, I want them to cross the road themselves, I just want them to do it safely.
This concept inspired this resource: “Stop, Think and Share,” which is designed for you to use to educate your employees. You can’t stop your employees from sharing information. In fact, you want them to share, you just need them to do it safely.
(Bonus: Download an editable version of this resource to customize the tool for your own organization!)
Step 2: Provide a viable, corporate-approved tool for your employees (not just email)
In the world of content sharing, email is a tool you can’t ignore. In fact, 85 percent of respondents in the AIIM study cited using email to share, putting it at the top of the list, even above cloud-based sharing applications. So why are cloud-based sharing tools becoming so popular if email has been there all along?
While frequently used, email presents the exact same concerns as cloud-based sharing tools listed above. Let’s take these one by one: First, lack of visibility into what’s being shared and where it is. Sure, email might provide some ability to track down who shared what and with whom (if there’s a better strategy in place than nightly back-ups to your exchange server, but that’s a whole other blog post); however, no one would argue that this is a cumbersome task at best.
Does email give you the ability to control who is sharing and accessing your information, or mitigate the risk of granting unintentional access? Absolutely not! As soon as an email leaves your server, it can get into anyone’s hands (anyone remember #givegregtheholiday?).
On the other end of the spectrum from quick and easy email, other forms of sharing include sending a password-encrypted USB drive or setting up an FTP download site. While these methods address some concerns and might be perfectly valid for some situations, they are both slower methods of secure document sharing.
Clearly a viable, secure file sharing alternative is needed to address these challenges, offering the speed of email but the same security and control as FTP sites and USB drives. ShareBase by Hyland is such a tool, designed to provide a designated set of employees with the ability to share quickly, without compromising corporate information.
Step 3: Assign a clear owner for the problem
In the AIIM survey, when asked “Who, if anyone, is responsible for ensuring the proper use of your content sharing tools, policies and procedures?” the answers revealed an important insight: There’s no clear standard across organizations.
In fact, 45 percent of organizations said it was the responsibility of IT staff; 33 percent said line of business executive, department head or process owner; 21 percent said information governance manager/director; 11 percent said chief compliance officer; and the rest said either the CIO, COO or other.
The 32 percent who have someone dedicated to information governance or compliance are due a congratulations! This is an excellent role and/or department to own this area, as they can look holistically at how information is being managed across all tools.
For those organizations unable to staff a dedicated governance or compliance position, you have some decisions to make. The key step is to choose someone who you will hold accountable for the content sharing problem, and then make sure everyone in your organization is aware where the responsibility lies. (Once you do, give the owner the “Stop, Think and Share” document to distribute to employees!)
While the challenges are many, there is a clear path to combat the content sharing quandary and prevent your employees from using unsanctioned sharing tools: Educate them, provide a viable alternative and assign ownership over the issue.
Remember, you can’t stop employees from sharing content, but you can help them stop, think and then choose the right tool to share.