- 1. Security Toolkit: An Overview of Topics in Cyber Security
- 2. Security Toolkit: Introduction
- 3. Security Toolkit: Assessing Your Current Cyber Security Practices
- 3.1. Security Toolkit: Self-Assessment for Organizations
- 3.2. Security Toolkit: Self-Assessment for Individual Users
- 4. Security Toolkit: Specific Security Topics: What to Look into and Why
- 4.1. Security Toolkit: Endpoint Detection and Response (EDR)
- 4.2. Security Toolkit: Multi-Factor Authentication (MFA)
- 4.3. Security Toolkit: Backups and Securing Backups
- 4.4. Security Toolkit: Email Security
- 4.5. Security Toolkit: Data Sharing
- 4.6. Security Toolkit: Password Management
- 4.7. Security Toolkit: Encryption
- 4.8. Security Toolkit: Other Tips on Technology Setup
- 5. Security Toolkit: Security Policies
- 6. Security Toolkit: Training
- 7. Security Toolkit: When you Experience an Incident
- 8. Security Toolkit: 2021 Security Webinar Series
4.5. Security Toolkit: Data Sharing
What Everyone Needs to Know
Sometimes when doing your work, you will need to share information and data with other people both inside and outside of your organization. This can range from individual files to large-scale data sharing. Whenever data is shared beyond an individual, team or unit, there are some additional risks such as inadvertently sharing data with the wrong people or those who received the shared data further disseminate the data to others inappropriately. While there are specific tools to help organizations While there are a range of technologies that help organizations manage inadvertent or inappropriate data sharing which are typically referred to as data loss presentation (DLP) technologies, there are some simpler steps that organizations can take while they consider more robust DLP solutions.
Those steps include developing written data sharing protocols that work across the organization but also for specialized units or practice groups. Included in the protocols might be guidance on:
- types of data that may be shared internally and externally (this might lead to a data classification protocol) ,
- which entities or types of entities may receive shared data
- when it is appropriate to share data and whether specific permission is needed
- which technologies should be used to share data (e.g., encrypted files, encrypted email, regular email, open web links, login-protected web links)
Depending on how the organization proceeds in managing shared data, your staff will need to be trained on the protocols and the technology. Likely, your IT team may need to implement additional technologies such as secure email and file sharing tools. Generally, all users should use the technologies IT team provides to share data as opposed to using personal accounts (e.g. personal Dropbox, Google Docs, or private email systems such as ProtonMail). Avoiding personal solutions to more secure file sharing helped ensure secure as well as governance and control of the firm's data. Managers and decision-makers are urged to take data sharing security issues seriously.
What IT Needs to Know
When it comes to data sharing, internally and externally, do you know the who, what, when, where, and why? Do you have the technology and protocols/policies in place to protect your data?
- Internally, do staff and volunteers only have access to data and files they are authorized to use?
- Do staff and volunteers have appropriate, limited access within the systems being used (e.g., case management, accounting, donor management, human resources)
- When sending out sensitive data, do you know what is being sent, who is it being sent to, and if it is being sent securely?
- Do you have the tools in place to know or log what data is being accessed by whom?
- Do you have the technology, polices/protocols, and training in place to help staff share data appropriately securely?
- Does the technology used for sharing data allow you quickly revoke the shared data or expiry the sharing of data based on time elapsed or some other variable?
To facilitate safe and secure file sharing, make sure you’ve implemented secure file sharing methods (e.g. file sharing solutions as part of your document management system). It is worth repeating the importance of documenting the data sharing protocols and training all used on data sharing. Finally, depending on the data being shared make use of email and file encryption technologies to help limit unauthorized entities for gaining access to shared data.
Solutions to consider:
- Mimecast: Website, Pricing
- SharePoint: Website, Pricing
- BOX: Website, Pricing
- NetDocuments: Website
- Microsoft Data Loss Prevention: Website
Resources:
- “6 Smart Ways to Share Files Securely” (Business News Daily)
- “5 Steps to Becoming a Data Sharing Master” (TechBeacon)
