With the launch of Google Drive for Work, the sky is the limit for users. Users are empowered to collaborate and harness the productivity benefits of the cloud like never before. The offer of unlimited cloud storage is unprecedented and, with the shift away from network and file shares, usage of the platform will increase dramatically.
With greater usage and increased collaboration come data security concerns. Although Google is very secure as a platform, users can be the wildcard and without proper training or oversight may inadvertently introduce exposures of your organization’s data.
Here are a few tips you can share with your users and put into practice today.
1. Don’t Overshare
Deciding who to share files with can be a little confusing. Many will opt to share a file to the entire domain, to anyone with the link, or publicly. Enabling this domain-wide or public visibility runs the risk of exposing sensitive data unnecessarily.
Instead, make it a rule to only share with the individuals who explicitly require access to mitigate both security and compliance risks and modify sharing permissions accordingly once a project is complete.
2. Out With The Old, In With The New
Over time, users will naturally collect months, if not years, of files in their Drive. With the unlimited space offered by Drive For Work, storage is no longer an issue. However, users should regularly clean house and re-evaluate their documents’ sharing permissions.
Are you sharing files with former employees’ personal email addresses? Do people outside the organization, such as former partners, have access to documents containing sensitive data?
Such files can become an exploited vulnerability if left unchecked. By regularly, perhaps quarterly, reviewing the sharing permissions of your files, you help improve your organization’s data security posture.
3. Eager to use a Third-Party App? Read the Fine Print.
You know that third-party app you’re really excited about? The one that rewards you with a cute puppy image every time you check a task off your to do list? (Please note: this app is fictional, hopefully not for long).
Do you know who developed the app? How much information did the app’s access scope ask for? Does it have access to view, or even manage, your email, calendar, work files, or pictures? Should you care?
Third-party applications can offer immense value, but also have the potential to open a backdoor into your organization. Apps require certain data to operate, and while the third-party applications themselves are often secure, many apps have a surprising amount of authority.
Make sure to evaluate each application when you are using your corporate credentials. Does the app enhance your productivity? What information does is request access to? If the application is not work related, consider using your personal credentials when adding it.
Take Ownership of Your Security
Users are (and should be) empowered to take responsibility for their own files’ security. In adopting a people-centric approach, users can significantly reduce the risk of exposing sensitive data – both internally and externally.
To begin practicing a people-centric approach, guide users to the right decision by making the secure option the path of least resistance. Employing a cloud data loss prevention (DLP) solution that notifies users directly when policy violations occur and subsequently enables self-remediation decreases the workload of security teams – all while improving an organization’s security and compliance posture dramatically.
Ready for More?
In our eBook, you will learn strategy and tactics every organization can leverage to complement Google’s data protection capabilities, with a specific focus on behavioral security.
The eBook discusses data security and compliance within Drive, dives into the power of securely enabling collaboration, speaks to the value, risk, and potential controls around 3rd party SaaS apps, examines the benefits of file-level encryption, and finishes with actionable tips to make it all happen.