Remote Work Needs Email and Cloud Content Storage for Security
With the COVID-19 pandemic forcing employees to work from home, expectations that remote working can be productive and is here to stay are being reinforced. Many SMBs are now faced with the challenge of how to maintain productivity without sacrificing the security of corporate data as the remote work trend continues.
An often-overlooked area in corporate security plans is the common and unsecured practice of using email to share files. Email is a critical application for any company, particularly as it relates to the productivity of employees working in any kind of remote situation. Email connects the remote worker with colleagues, customers, and clients, but it is also used to transfer important files that may contain extremely sensitive information. Today’s professional worker sends an average of 40 emails per day, and 25% of those have a file or files attached. This highlights a key issue directly related to data security: How to securely control access to files that are attached to outgoing emails, allowing the company to keep sensitive data from falling into the wrong hands and comply with industry privacy regulations.
To address this issue, file attachments to emails need to be eliminated. File attachments are exact copies of a file which are sent to all recipients of the email. This creates data bloat, bogging down email systems and calling for added cost when additional capacity is needed. More importantly, this file-sharing method provides no control over who can view and use the file, how long they have access to the file, and whether they have permission to forward the file to other email addresses. In an SMB of 500 employees in which each employee sends an average of 40 emails per day, 10 (25%) of which have files attached, and assuming an email with an attachment goes to an average two recipients, more than 2.6 million copies of files could be dispatched each year, risking exposure of sensitive information to millions of unauthorized users. It is easy to see how this practice not only allows a malicious actor access to corporate information, but also creates a compliance gap many companies have yet to recognize.
The first step to a more controllable and secure file exchange via email is the use of cloud-based content storage such as Box, Microsoft OneDrive, and Google Drive. Most of these services allow employees to share content by sending a link to the file instead of sending a copy of the file itself. This eliminates the danger inherent in sending multiple copies of a file. However, to control who has access to download the file and to provide other security measures, the cloud content storage service should have additional security features such as:
- Permission controls to regulate who has access to download the file based on the classification of the file (confidential, general, etc.), how long that access is provided, and only allowing devices that meet certain security requirements the ability to download the file. These controls can even limit the domains that can be used for external collaboration on the file.
- Extend or revoke access permissions as needed to retain control throughout the life of the shared file.
- End to end encryption of files, ensuring the file is secured while at rest in the system, while it’s being transmitted and after being downloaded.
- Monitoring and audit trails that can identify unusually high download traffic as well as track who downloaded a file and when they downloaded it.
- Data governance features to ensure content retention and access policies are enforced.
- International data protection compliance capabilities that help companies doing business internationally meet the various international data residency requirements.
As part of a data security plan for small businesses, large enterprises, and everyone in between, eliminating file attachments to emails should be high on the list of priorities. Using links to files stored on a cloud content storage system such as Box that can provide the above security features is a great first step.
A powerful next step, being covered in our next blog, is using an email management tool such as mxHero to automate the archiving of received files within emails. Integrating this type of tool with a cloud content storage system helps both remote and on-site employees use and manage email to exchange information more securely without sacrificing productivity.
Learn more about mxHero and data security here
Learn from the experts at RYAN how your organization can utilize these best practices in document security and information management: contact us or schedule a virtual demo today, call 800.842.1916, or fill out our information form here.