2 technology practices to stop now!
Many corporations are moving to G Suite, a perfectly reasonable and robust enterprise solution for office productivity and collaboration, on par with Office 365, for access permissions, data loss protection, versioning, and other controls. However, some smaller organizations confuse the use of the free online apps as “choosing” an enterprise solution. Here are 2 reasons why it’s not the best choice, and what you can do about it.
Forwarding to Gmail
When you purchase a web site domain for your business and build a website, many hosts give you the option of hosting your email there or forwarding your email somewhere else. In place of hosted email, some are redirecting all mail sent to a firstname.lastname@example.org to a personal employee Gmail account. Convenient? Sure! Cheap? Absolutely! Secure? Maybe not so much.
With new regulations on the horizons, like GDPR, and existing regulations governing the storage and use of personally identifiable data, the business owner must realize that what they are actually doing is transferring the responsibility of protecting company data and communications housed in email messages and calendar items to the individual. If you wouldn’t send money in the vault home with your employees to mind at their private residences in their private cookie jars, this is probably not a good idea either.
Without going into an exhaustive explanation of regulatory requirements, suffice it to say, it is the organization that should take on the job of protecting data assets, such as contact information. If you like the idea of Gmail, absolutely look into a G Suite enterprise account. For as low as $10/month per user you can have the peace of mind that comes from working with a real business communication and office productivity solution.
Sharing files indefinitely
Even if files are stored on a central Google Drive for your team and shared, how is it shared, with whom is it shared, and for how long is it shared? The default level of sharing from plain, old Google Drive is can edit. You simply type all the email addresses for those whom you wish to view/edit the file or folder. Often, the easier thing to do is to click Get shareable link. Unless and until someone goes back into the sharing information and changes that, it stays that way forever! With the versioning and access control afforded by the enterprise version, a file-sharing practice that has run amok may be able to be more quickly reigned in. In private Google Drive accounts, it is not as straightforward.
Whether you subscribe to G Suite or use another cloud file storage provider, you should start to move files off of personal G Drive accounts. One approach would be to sort in order by date and look for the sharing icons indicating that the file has been shared. If the file can be deleted, delete it. Otherwise, by default, discontinue sharing with anyone outside your organization first. For each item that you choose to keep shared outside your organization, create a log with a link to the file and a date in the near future to revisit the choice to share. This log should be kept up to date and audited from time to time.