Best practice

Just sharing documents can jeopardize your business

  12. 02. 2019

Do you often share confidential documents with third parties outside the company? Do you use one of the popular online file sharing services to send large documents? If the documents you share contain confidential information or personal data, there’s a strong chance that such behaviour could jeopardize your business.

The use of e-mail, cloud storage, and other online services provided by companies with which you don’t have a contractual relationship may be questioned, or worse. When you need a solution and you don’t know of a more secure alternative, you probably choose one of these online services, which are also user-friendly and at least partly free.

What are the risks of using online document sharing services?

The risk lies in blindly trusting the online service provider. Do you read the terms and conditions before accepting them? Do you know how long the documents will be stored, who has access to them, and how and where they are actually stored? If you can’t answer the above questions, that means you don’t know how the online service operates, but you’ve still entrusted it with confidential information.

Inappropriate employee behaviour is the largest single source of information security violations.

When working with documents, the greatest risk comes from sharing documents without supervising the sender and without information on the recipient. By default, if you do not know who has sent and received confidential information, you’re already at risk, and your business is unsecure. 

Sending personal data is the most problematic.

This is even more important when documents contain personal data. Today, personal data are part of all key business processes, as well as the documents created when implementing those processes. Sharing files containing personal data via e-mail, cloud storage, or other dedicated online services presents a serious challenge to ensuring compliance with the GDPR. In addition, you expose your clients, potential clients, and business partners to risk. You can only ensure the compliance of personal data protection if your employees are aware of the importance of personal data, understand the need to ensure confidentiality, and take the rights of personal data subjects into account. 

Therefore, personal data protection cannot be the sole responsibility of a lawyer or the IT department, but requires a comprehensive approach and the participation of stakeholders from various fields. Simply sharing a large file - innocent as it may seem- can quickly become a problem for the whole company.

Sharing documents can be secure and effective

We can successfully solve these challenges if we share documents directly from our own document system.

That's why we have upgraded Mikrocop’s InDoc EDGE documentation system to include secure document sharing functionality. At any moment, we know who is sharing a document, with whom, when and for what purpose. The process is simple: choose the document you want to share, enter the recipient's e-mail address, the reason for sharing, the password, and the validity period for permission to view the document. Each recipient receives a unique link to the document. The password is sent separately, and the document is accessible only for the selected period. The recipient’s access to the document is monitored and, along with the reason for access, recorded in the audit trail.

With the new functionality, we always know who is sharing documents with whom, when, and for what purpose.

The new functionality is accessible to all existing users at no additional cost. Most importantly, InDoc EDGE users are already familiar with the solution, so there’s nothing preventing effective, safe and consistent business processes.

Does using online file sharing services pose a real threat, or is that just marketing? The threat is real. Of course, the threat won’t necessarily come true. As always, the question is whether you’re willing to take risks. I’m convinced that we can completely avoid this by using a different solution.

Klemen Novak, Business development manager at Mikrocop