Information Governance Blog

information Governance
12.08.2020

Working from home? Keep a leash on that data…

Data sprawl is a hot topic during COVID-19. After all, it was tough enough to keep tabs on all of your sensitive information and regulated customer data when we were all in the office, and everything was at least supposed to be held tightly by the company’s DLP solution. Over the last six months, companies who never dreamed of working from home, have moved their data and documentation out of the office right alongside them. As a result, we all need tools that enable us to stay on top of a growing problem – controlling how your files, unstructured data, and attached documents are managed, and mitigating data sprawl across the organization and all your cloud environments.

1. Limit those email attachments

Did you know that some studies show a single user being responsible for up to 55,000 duplicate files each year, simply through email attachments alone?

One single email attachment might seem like a single copy of a document, but in reality, once you consider copies in archives and redundant servers, duplicates for different devices, and locally saved files – this is far…

Now remember that you might send the same attachment to your whole team, and you’re starting to see how those numbers rack up.

Instead, think about using cloud storage more effectively. Cloud storage such as Google Drive or OneDrive doesn’t duplicate the files, or save additional copies anywhere. Instead, it simply sends a link to the file. One copy of the file, viewed by as many stakeholders as you want. This strategy would be enhanced further if there was a preventive tactic that understands and acts upon your company policy on where a file can be sent.

2. Careful of Zoom, Slack, Monday and all the rest

Of course, it’s not just Zoom et al, but any communication, file-sharing software that you’re using to keep in touch while everyone is working remotely. Especially in less tech-savvy industries, these tools might be a new reality for many staff members, who feel that a private meeting room is a safe space to share information. Even if you set aside the instances of hackers infiltrating video conferencing meetings, the data that’s being shared via the chatbox does not automatically get deleted after the meeting ends. In many cases, attendees are sharing passwords, attachments, or links to critical information via Zoom, Slack, or any other communication channel. This will all end up on the Cloud, so make sure that you only share permitted information

3. Think about devices

Every time a new device is used, another copy of a file comes into existence. This could be transferring files from a work desktop computer to a personal laptop, viewing and downloading something on your mobile phone, or using a USB flash drive to easily transfer information. It can add up quickly. Have you given your staff specific policies for how they view and manage information? Do you have BYOD rules, particularly related to file sharing via the device? These are all important considerations for remote workers,and in many cases – due to the speed and urgency of the pandemic, steps that have been missed altogether.

4. Educate staff

You can’t eliminate all the risks that remote working is opening across the world, but they certainly can be mitigated. Employees will be putting information at greater risk simply by using their own devices, the adoption of collaboration technologies such as Slack and Monday, or the inability to just walk across to a colleagues desk and have a conversation rather than being forced to write it all down!

The most important thing is not to consider file sharing security and data sprawl only an IT problem. Include all employees in the right education  (start by sending this blog out to your team!), make them aware of the risks, and consider technology that can automate file classification of your attached files and your dark data, and that syncs your organization’s file sharing policies for risk, compliance, and business priorities.

5. Adopt automated data protection for file sharing

Although legacy DLP technologies are no longer relevant to today’s hybrid cloud environment, there are solutions for automated data classification.

What is critical to look for are technologies that offer policy modelling stimulation with virtual multiple labels so that you may sync all the organization’s policies of security, privacy and business operations.

This way you can optimize the labeling of each file. Only this kind of precision that takes into account the user’s needs and the context of the need can give an organization the file label that is required to satisfy security, privacy and business needs.

If you want to understand this better, let’s schedule a call with one of our data protection experts.