The popularity of consumer file-sync-and-share solutions such as Dropbox continues to grow, as consumers appreciate the ease with which they’re able to transfer large files, such as photos and videos, to family and friends. While beneficial to consumers, these applications are problematic for IT departments. More and more employees use Dropbox to share corporate files, and don’t fully understand the risk. Organizations must do a better job of warning employees that using online file sharing tools to share sensitive files at work can result in serious penalties, and even termination. Let’s take a look at why:
1. Operating in the shadows.
Companies’ IT departments aren’t able to track when an employee accesses Dropbox to share files and are unable to control which employee devices are able to sync with a corporate computer. This practice, often called “shadow IT,” effectively locks the IT department out of the file-sharing activities of employees. As a result, IT departments are unable to track how files have been modified, determine who has viewed files if sensitive information is leaked, or remotely wipe Dropbox if an employee’s device is stolen.
2. Potential for data theft.
Dropbox has limited security features, and because companies aren’t able to monitor what files are synced to what device, it’s impossible to know whether data has been shared with or accessed by the wrong party, which increases risk of insider threats and data theft.
3. Data loss.
Dropbox has been known to lose customer files (source this) – or fail to back them up at all – meaning that employees run the risk of permanently losing company files, with no way for the IT department to recover them.
4. Adherence to compliance regulations.
Many industries have compliance regulations which dictate that certain files have limited access or remain encrypted during transfer. Because Dropbox is not equipped with secure file regulation capabilities, there is an increased risk that employees are unknowingly violating their company’s compliance requirements.
5. Limited data security.
All employees know that it’s important to protect sensitive files such as financial data or intellectual property documents. Yet Dropbox has limited encryption and security features, which leaves data exposed and at risk of being corrupted or landing in the wrong hands.
While Dropbox and other online file sharing tools are sufficient for sending personal files, these systems simply aren’t capable of securely managing corporate file transfers. There’s certainly a demand among employees for reliable, user-friendly file transfer options, and IT departments should look to meet this need by providing employees with a highly secure alternative, such as Managed File Transfer (MFT) solutions.