What College and University Boards Risk by Using Insecure File-Sharing Apps
Discussions and debates take up the majority of a college or university board’s time. Outside of board meeting time, board directors are working on all the issues that they discussed during the meeting. Committees may be deeply involved in the board’s work. Much of the board’s work requires doing research and sharing files and documents with other members of the board.
Board members may consider that the types of apps and platforms they’re accustomed to using pose strong privacy and security risks, which could have an extraordinary impact on their institutions. File-sharing apps such as Google Drive, Dropbox and OneDrive are all apps that the general public likes and with which they are familiar.
It’s vital for college and university boards to consider that those apps were designed with the general public in mind. They were not designed with the proper privacy and security that boards of directors need. The wrong apps and electronic platforms can spell plenty of trouble for higher education institutions.
Problems With Simple File-Sharing Apps
Simple file-sharing apps started out the same way as many other apps — with a good idea that solves problems or makes things easier for a lot of people. As one app became available, many other new and improved versions came on the market, each with its own unique features. The main goal of simple file-sharing apps is efficiency and group collaboration. They work well enough for students collaborating on assignments together, but they lack the necessary security for sensitive board work and for legal compliance.
Simple File-Sharing Apps Lack Security Features
Most of the publicly available file-sharing apps are lax in security features such as encryption technologies. For colleges and universities, managing risk is essential for protecting intellectual property and keeping revenue flowing. Hackers or transient employees who discovered company credentials may be responsible for up to 92% of companies having information for sale on the dark web, according to Skyhigh Networks.
Colleges and universities may believe that their data is their own; however, insecure file-sharing apps may store or transfer your information on insecure servers where it can get into the hands of others anywhere in the world. What’s worse is that publicly available file-sharing apps don’t allow you to retrieve information that gets lost.
Google regularly adjusts its terms and conditions. Most people don’t read their notices anyway, so they wouldn’t notice any changes to Google’s privacy terms.
From a privacy standpoint, colleges and universities often collect and store personal data for students, faculty members and others. Insecure file-sharing apps weren’t made with compliance in mind, which means that someone’s Personal Health Information (PHI) or identification information could easily be compromised. Those who contract or interact with PHI are bound to HIPAA compliance. College trustees who use insecure file-sharing apps could be out of compliance without ever knowing it.
Unfortunately, as people learn more about how to use technology, the more dangerous and vulnerable they may become. Technology generally tends to make tasks more efficient. As a result, many people prefer ease and convenience over trying to jump through hoops and over taking the time to get through electronic security gates. Insecure apps don’t allow for an administrator, let alone one that has the ability to control users and each one’s access to various parts of the program.
For example, it’s easy for most people to simply attach a file or a document to their personal or business email, without thinking through who may access it as it journeys through cyberspace. According to Computer Weekly, about 84% of business users use their corporate email accounts to send classified or confidential information. Almost three-fourths of those employees send confidential information via email weekly and 52% of the respondents admitted to sending confidential information through business emails every day. About 40% of data breaches originate with employees.
Insecure app developers are more inclined to be reactive relative to cybersecurity rather than take a proactive stance. In 2012, Dropbox became the victim of a phishing scam whereby several of their accounts were compromised. They took action to mitigate the damage after the attack.
One way that some colleges and universities have attempted to gain some sense of cybersecurity is to have board directors use their own devices. This is an imperfect solution because it fully relies on each director’s security choices and the security of the apps they use. The reality is that board business simply isn’t safe or secure on personal devices or applications.
In addition, some file-sharing applications, such as OneDrive, rely on sync to connect information on devices. Syncing can cause problems with conflicting versions of documents, slow uploading times and the potential for virus activity.
How a BoardEffect Board Portal Alleviates the Risks of Insecure File-Sharing
The surest way to eliminate concerns over insecure file sharing is to use a BoardEffect board portal system. With BoardEffect, board directors can be sure that every board activity they’re involved in occurs within the safety net of a highly secure board portal.
Board directors tend to give up quickly on electronic applications that are too difficult to log into or those that simply take too long to access. Using a board portal, board directors can access their meeting agendas, board books and meeting minutes with full assurance that the information is private and secure. As they conduct their research on the board, outside the board or in committee meetings, they can use the portal to share documents, knowing that they’re contained securely inside the platform and that only the intended recipients can access them.
Board administrators have the ability to authorize or limit access to documents and various other parts of the board portal because they have granular control over user permissions. This is an especially important feature as board directors join and depart from the board.
The best approach for colleges and universities is a proactive, secure approach to board director file-sharing. The risks in not investing in board portal software could result in big problems for boards, such as a data breach or reputational loss.