Long before the pandemic, organizations were familiar with distributed teams. Now it’s all about the hybrid workplace. Remote and hybrid work continue to drive the need for organizations to provide collaboration solutions to work without limits, work on the go and work securely, from anywhere.

The ability to share files with external users (guests) is a great feature that allows you to securely collaborate with people outside your organization, such as your business partners, vendors, clients or customers — if it is set up and managed appropriately. Collaboration solutions with open sharing present an easy target for cybercriminals, especially if you are not aware of or control your external sharing practices.

Do you know where your business-critical and sensitive data resides and what is being done with it? Do you have control of this data as it travels inside and outside your organization?

Many cloud collaboration platforms have out-of-the-box settings to allow open or easy sharing, which lets employees share any information with anyone in or outside your organization. Your employees may not know the level of security that exists (or doesn’t exist) for the information they share.

By establishing and reviewing external sharing practices, you can provide the right information to the right audience.

Next steps

  • Review external sharing configuration and settings: Review the external sharing settings (if enabled) and their limits, keeping in mind the configuration can be different for each collaboration solution and set at different levels within the solution. Check your application provider’s documentation or engage an experienced third party vendor if you’re uncertain on how to configure.
  • Know whether data is being shared externally: What information is being shared with external users and how much? Most collaboration solutions have auditing functions that provide the ability to log and search for external sharing. An even better solution is to set up alert policies that identify activities performed by users based on the conditions you define. You can also engage a third party if there is uncertainty about how to set up and monitor activity.
  • Identify locations of sensitive information: Is there information in cloud applications that is sensitive and should have limited or no sharing? Where specifically does that information reside, and who has access? These are very important questions to ask and answer in order to make sure you are protecting your sensitive data.
  • Configure restrictions on sharing of sensitive information: Discuss protecting sensitive information with your IT department or IT service provider. Implement best practices by following the cloud application vendor’s guidance to secure your sensitive information. Here, too, you can engage an experienced third party if there is uncertainty about how to properly configure sharing.
  • Implement an ongoing review of stored information and best practices: Regularly take inventory of shared information, since sensitive information may be added in new places. Frequently check your cloud application provider’s best practices for updated information.