You wouldn’t open a free checking account for your company or sign up for a personal insurance policy to cover your company’s business and auto insurance. So why would you choose a consumer file-sharing product to run and protect your company and its data? Consumer file-sharing products put your company and its bottom line at risk, and they are costing others thousands of dollars in fines. IT consulting firms are taking action and advising businesses and healthcare providers to re-evaluate their security and file sharing practices to protect the business and prevent data leaks or loss.
Ungoverned file sharing is nothing new. Many businesses permit unregulated file sharing because they simply do not know their options or do not understand the elevated risk associated with consumer-level file sharing programs. In research on IT security conducted by Intralinks and the Ponemon Institute, 49% of respondents admitted their companies “lacked visibility and control over employee’s use of file-sharing services.”
Common consumer-grade file sharing programs are ones you have heard of before and have probably used: Google Drive, Dropbox, OneDrive, SkyDrive, and ShareFile. These services are great for storing your family photos and personal documents and accessing them with an app, but they are not safe enough for your business’s sensitive data.
What’s the issue?
Companies often seek affordable—or even free—solutions to keep costs down. File sharing poses a significant threat to business and healthcare provider security. This is an issue that stems from the top, because managers and essential personnel are struggling to keep up with security demands and personal device use, and to employ effective security strategies that protect the data and integrity of the business.
How do consumer-level file sharing services contribute to the threat? Consumer-grade applications are easy to use, but they do not have the level of security and encryption necessary for data protection and recovery. This is especially concerning for financial institutions and healthcare providers. Healthcare providers are required to abide by HIPAA rules and regulations, and consumer-grade file sharing does not meet them.
A Hospital Learns the Hard Way
St. Elizabeth Medical Center, a hospital with a troubled security past, was fined by the Office for Civil Rights and ordered to pay $218,400. The fine came after a 2012 HIPAA complaint filed by office employees who raised concerns about the hospital’s use of web-based document sharing programs to store patients’ confidential and protected healthcare information. The ungoverned practices put more than 500 patients’ personal and healthcare information at risk.
That wasn’t the last misstep for St. Elizabeth. In 2014, another HIPAA breach put at least 595 patients at risk. The 2014 incident involved a former employee storing unsecured PHI on a personal laptop and USB drive.
Companies and healthcare providers must make security their top priority. With ever-changing technologies and threats in the industry, essential management and business owners must employ professional IT services to address end-to-end encryption needs at rest, in motion and on all devices, and to put in place enterprise file sharing software that meets compliance and data leak prevention requirements.