Hidden risks with employee file-sharing practices

Mika Javanainen
In today’s workplace, collaboration is no longer an option, but rather a requirement—particularly for the construction industry, where project information needs to be shared among internal colleagues and team members, contractors, and subcontractors. Information security is another must-have, with nearly every company having at least minimal safeguards in place to prevent the theft of corporate data. While both needs are reasonable, they can often be in conflict.

Sharing information with members of a project team is not the fundamental problem: employees always find ways to deliver files to external parties. The challenge is to maintain control over the shared content. Obviously, most IT departments are worried about employees using unauthorized and personal cloud services for file-sharing. The motivation to do this is understandable from employees’ point of view—after all, they are problem-solvers by profession. Another member of the team needs information? Get it to her or him as quickly and efficiently as possible. In most cases, employees do not even know they are breaking rules or acting in a risky fashion.

The dangers can include a loss of control of your documents—such as not knowing the location of the latest version of a CAD drawing and wasting time searching for it, or even worse, using the old version in a project. Other common dangers are information security breaches, data loss, and non-compliance. A common risk is a project manager that has stored all the agreements on a personal Dropbox account. When that employee leaves the company, the agreements are gone forever.

The problem is widespread, and many firms have experienced some of the negative consequences. A full quarter of professionals surveyed by M-Files Corp. said their company has experienced some of these challenges related to use of file-sharing and sync tools. The survey further found 63 percent of professionals use Dropbox, Box, OneDrive, Google Drive, or another iteration of these programs. Additionally, 37 percent actually use their personal file-sharing or sync solution to share business documents “all of the time,” while 46 percent say they have done so with documents that would be considered sensitive or containing confidential information.

A 2014 report, “Respond to Employees’ Use of Consumer File Sharing with ‘Easy Content Management,” by Gartner, a research/advisory company, backs up this data, noting, “Employees continue to use consumer online file-sharing tools for sensitive documents, even when their company has banned the use of such tools.”

How to regain control

Key activities for regaining control of corporate data, safeguarding information, and keeping employees productive are establishing guidelines, providing tools, and communicating policies. To begin with, construction firm leaders and IT departments must recognize that personal devices and the need to share files are not going away, and they should understand that the only way to monitor which file-sharing applications are being used to share company information is by having specific and enforceable policies in place.

A good place to start is talking with employees about what they need to do—who they need to share information with and how. Then, it is important to discuss what they need—or want—to do that they feel they cannot do with the tools already provided by their firm. This kind of conversation is useful in a variety of ways, from gathering information about employee behavior to educating employees about the risks associated with unsanctioned file-sharing apps and services.

Leave a Comment


Your email address will not be published.