Taking the TMI out of BYOD: Secure File Sharing

IMGCAP(1)]More than one accounting firm thinks BYOD (Bring Your Own Device) should be relabeled BYOH (Bring Your Own Headache). While mobile devices offer benefits of real-time access and response, and provide workers with more flexibility in accomplishing tasks, they are rife with opportunities for data security risks. In the accounting profession, with the need for absolute confidentiality and compliance, BYOD brings its own challenges in maintaining the needed level of file sharing security

In a recent global study on distributed and mobile businesses, performed by InsightExpress, respondents indicated 44 percent of employees shared work devices with others without supervision, 46 percent admitted to transferring files between work and personal computers, and at least 18 percent admitted to sharing passwords with co-workers.

These are scary statistics for accounting firms charged with the privacy of client data. One of the risk behaviors operative here, among mobile users, is the use of public file-sharing services. These are not inherently bad. They simply are designed for consumer use, and do not offer the level of security needed for sharing sensitive financial data. With your professionals on the go, visiting multiple clients and under time pressure, it’s critical to have them standardize on a platform that enables the level of security your firm needs, yet gives the flexibility of working they expect in today’s age of mobility.

Enterprise-level file sharing solutions are designed for a greater level of security and governance. Since your users will want to edit documents on the go, be sure and select a service that allows for easy editing, on any device, so that your users will not feel compelled to employ a third-party mobile application. In this way, your mobile workers can efficiently complete tasks, and collaborate on documents, without putting the data at risk. Here are a few key things to consider in choosing a service:

Access Control

In our Facebook “sharing” culture, sometimes it’s hard to remember everyone does not need to see everything. In sensitive data transmission and sharing, let’s apply the TMI (Too Much Information) rule. Before putting your enterprise-grade file sharing solution into use, spend some time thinking through what levels of data access you want to give departments, individuals and those outside your firm. Whether you’re a small firm with 10 employees or a large firm with multiple client practices, controlling data access is essential to helping mitigate risk.

You can create quite granular policy management rules to govern and control the access to all projects, spreadsheets and files. These rules will enable you to set up permission policies for sharing, synchronization, and also public linking. 

Data Security

Setting rules for who sees what is just one facet of tightening up file-sharing security. You will need thorough encryption for data in transit, in use on any device, and for retrieval. Authentication is the companion to encryption. Authentication can be ensured through the use of certificate-based server authentication, which ensures that the user’s agent will neither connect, nor cooperate with any server other than those that comprise the file-sharing service. In other words, this acts as a closed system to prevent unauthorized access to data and files. In this process you can employ policies to govern password expiration; re-use cycle times, as well as password complexity and number of allowed failed login attempts.

Service Monitoring

In this 24/7 business environment you’ll also want to ensure you have continuous service monitoring to guard against potential security risks and provide alerts as necessary. Similarly, plan on factoring in safeguards against service interruption. Geographic redundancy is the technical phrase commonly used. In plain English, it means that data is stored in different centers around the globe, and within each center, there is a backup server and file storage so that, if one server fails, the second will provide you with seamless access to your data. It also indicates more than one data center operating in each region, for further protection against a higher-level failure.

Auditing and Reporting

Accounting professionals may also want to consider looking at file-sharing solutions that have completed a SSAE 16 SOC2 Type 2 audit. This provides a further evaluation of their ability to provide sufficient customer data protection, access controls authentication mechanisms, audit trails, physical and logical security, software development, and other critical operational areas that impact service reliability.

Your IT administrator also needs tools to ensure data security. As part of your file-sharing service, you’ll want to include the ability to easily monitor and report on user activity, as a further safeguard against data leaks.

Lately, it seems virtually every day there is a news story about data security leaks. The explosion of the amount of data, coupled with enterprises becoming untethered from desktops, means the issue is not going away anytime soon. The accounting profession can, fortunately, work to tighten up file sharing security by putting enterprise grade solutions in place and crafting a detailed access plan so users only see and collaborate according to set rules.

Ahmet Tuncay is the chief executive officer of Soonr.

For reprint and licensing requests for this article, click here.
Technology
MORE FROM ACCOUNTING TODAY