Cloud storage and file sharing apps allow your staff to access, sync and share large files with people at work, as well as with clients and external suppliers from anywhere and on any device. Using these services can boost the productivity of your staff, especially when they are traveling or working away from the office.
But, if your employees are using unsanctioned, third party file storage and sharing services, your business could be exposed to data security risks, loss of data ownership and potential breaches of privacy and other legal obligations or industry standards.
Who’s seen your data?
When your staff access and share company files using their own personal cloud file sharing accounts, such as Dropbox, Google Drive, Box or OneDrive, your company loses control over its data. Your business ends up with no idea where company documents, even sensitive files, are kept. Your business loses all visibility over who has access to, and who shares, this information. Critical information could be shared with your competitors, leaked to the media or used in other ways to damage your business’ reputation.
But wait… It gets worse.
How secure is your data?
You might assume that cloud storage services are ‘safe’ and ‘secure’ to use. After all, these services are provided by well known, high profile and reputable Internet and technology giants. Many of these cloud service providers state that files stored on their services are encrypted for enhanced security. But ‘encryption’ can mean different things to different providers and there are different standards/ types of encryption, some of which are more secure than others.
Encryption is a type of ‘lock’ that is placed around a file, just in the same way as there is a lock on the door to your workplace. You would assume that your workplace is safe because you have the key to unlock the door. But what happens when someone else has the key? Do you have a list of everyone who has a key to unlock the door? Do you know if someone who has the key makes a copy of that key and passes it on to some unknown third party? A lock is only as secure as the people who have the key to open it and only remains secure while that key is not passed on to someone else. As such, you should never assume that data stored with a cloud provider who owns the encryption keys is secure or kept private.
If your company’s data is stored with a popular cloud provider, it could theoretically be accessed by, shared with or stolen by someone else. And you would potentially never know about this breach until it was too late.
But it still gets worse…
Are we breaking the law?
Theft isn’t the only risk associated with storing company data in the cloud. Your company could potentially, if unwittingly, be breaking the law.
Data sovereignty laws are rules that govern where certain types of data can physically be stored, even when that data is stored in the cloud (it is still physically stored on a server somewhere). In Australia, these rules are largely contained in Section 5B of the Privacy Act 1988 (Cth). In 2014, when the Privacy Amendment (Enhancing Privacy Protection) Act 2012 came into force, the data sovereignty provisions under the Act were significantly strengthened. Under Section 5B of the Act, it states that the Australian law and privacy codes or guidelines apply to an action done outside of Australia by an organisation, if that action relates to personal information about an Australian citizen.
It’s actually quite ‘simple’ for your business to ‘break’ this law: the action required to breach this requirement could be as minimal as using an overseas-hosted, unencrypted cloud service to store personal information about a customer who is an Australian citizen (likely most, if not all, of your customers).
What makes it even more likely that your business is potentially breaking the law is how broadly the Privacy Act defines the concept of ‘personal information’. According to the act this refers to information including, but not limited to a person’s:
- Name and address
- Medical records and health information
- Bank account details
- Photos and videos
- Biometric and genetic information
- Likes and dislikes
- Places of work
- Racial or ethnic origin
- Criminal record
- Sexual preference or praises
It is possible that right now your business is in breach of the Privacy Act and are unaware of this fact.
One of the risks that comes with using cloud storage is that users have no clear visibility on where the server is that the data is physically stored on – this server could be anywhere in the world! Therefore, according to the Privacy Act, your business could be breaching Australian law (if the use of that data is not within the guidelines of the Privacy Act).
Outside of legal considerations, you could also be in breach of specific standards relating to your industry. Many industry sectors (such as finance, legal, medical, etc) have their own codes of conduct or ethics and abiding by these is often a requirement for membership with a peak industry body or for certain types of accreditation that signal a company as an industry leader.
Are you risking your reputation?
Would you do business with a company that lost or exposed your data? It is likely that you would instantly pull your business with them. Your business is risking its reputation if your staff are using less secure cloud services. Even if the use of these services isn’t officially sanctioned by your business, you could be held liable for their use in this way.
Data loss and data breaches are often high profile news. I don’t believe that any publicity is good publicity. Could your business recover from the inevitable and widespread press coverage that will come after a significant data breach?
Your business needs a solution
Businesses are looking for a solution that protects their data and empowers their employees to be productive, no matter where they are and no matter which device they are working from. Businesses also need to know that their data is safe and secure and that the storage they are using complies with relevant laws. That’s why we built CloudFileSync, an affordable, enterprise-grade and company controlled File Sync and Share solution that lets your staff access and share their files securely, on any device. CloudFileSync also provides a range of storage deployment options so that you always know exactly where your data is physically stored.
CloudFileSync solves the file sync and share challenges your business is facing. We do this through offering all the features that your staff have come to expect from Cloud File Sync solutions, together with additional features that help you to protect your data and provide you with full oversight of file access and sharing. By providing a convenient, company controlled solution to accessing and sharing company files from anywhere, CloudFileSync helps to keep your data safe and secure by removing the need for your staff to upload business files to their personal cloud accounts.
Get in touch to find out how you can get CloudFileSync for your business.