General security

The dos and don’ts of sharing sensitive business data

Ajay Patel
November 20, 2014 by
Ajay Patel

All businesses handle sensitive data of one kind or another. Whether this is confidential client information, financial details, or even employee addresses, it should all be treated carefully and shouldn't be put at risk. Data is most frequently put at risk when it is shared - this is typically when information is least secure. When it leaves the safety of a hard drive, secure cloud storage, or someone's brain, this information is exposed to the chance of being accessed and shared by unauthorised individuals.

The problem is, sometimes you have to share this kind of sensitive information with other people in order to run your business. So how can you prevent your data from falling into the wrong hands when you're sharing it? Here are a few dos and don'ts to help you ensure that your sensitive business data stays secure while sharing.

Don't use email

Email is one of the most insecure ways of sharing information online. It is all too easy to accidentally copy the wrong recipient into an email, or for an email to get forwarded on without your knowledge. People leave themselves logged in to their email on public computers, emails can be easily hacked into, and if devices are lost or stolen there's minimal protection to prevent access to the inbox.

Don't use consumer file sharing tools

Consumer file sharing tools are notorious for insecurity: take Dropbox's password leaks, and iCloud's hacking scandals. You can't guarantee the security of data shared via the public cloud, and consumer file sharing services do not have enterprise grade security features or information security certifications. They don't meet organisational security compliance policies and are perceived by most IT departments as a risk.

Do use a dedicated enterprise file sharing platform

Get a platform that is designed for business. Cloud-based secure file sharing platforms enable the secure transfer of documents and information without the risks associated with email or consumer tools. Access is granted on a permission-only basis with each user requiring a login. Correctly accredited software-as-a-service providers will offer enterprise-grade security features that will ensure the protection of all data within the system.

Do find a certified enterprise cloud vendor

When you choose your file sharing platform, make sure you check the cloud vendor's reputability and information security policies so you can guarantee they are keeping your data safe. Find out, is the vendor ISO 270001 certified? Are they audited independently? You need to know that the vendor has good information security policies and procedures in place to keep your and your clients' data safe.

Do set user permissions and file expiry dates

For added security, choose a file sharing platform that allows you to apply digital rights management and automatic expiry to each shared file. Digital rights management allows you to restrict saving or printing of the file and prevent unwanted data leakage, and applying expiry dates automatically revokes access to the file after a specified period of time.

Get your guide to the top-paying certifications

Get your guide to the top-paying certifications

With more than 448,000 U.S. cybersecurity job openings annually, get answers to all your cybersecurity salary questions with our free ebook!

When it comes to sharing sensitive information, it pays to be as secure as possible. Ensure that your business is equipped with the best in enterprise file sharing software to avoid running any risks with your own or your clients' data.

Ajay Patel
Ajay Patel

Ajay Patel is the co-founder and CEO of HighQ (highq.com). He oversees HighQ’s global operations, business development and product strategy. HighQ was founded in 2001. Since then, it has worked hard to build an exceptional reputation for delivering leading-edge software to some of the world’s largest law firms, investment banks and corporations.

Find the right career path for you.

Get 12 cybersecurity training plans: one for each of the most common roles requested by employers.