15 . 04 . 2022
GOOD PRACTICE Secure sharing of company documents. A guide for entrepreneurs.
The growing expectations of users regarding the ease and availability of online solutions are one of the main drivers of the digital revolution. This, of course, also applies to document-sharing. However, in this case, the comfort of use is only a half-success. In addition to a user-friendly interface and modern functions, what is still of key importance is security.
Today, entrepreneurs are exposed to the risk of losing shared files like never before. They must constantly adapt the company to changing regulations. How to connect these two seemingly distant worlds so that the daily exchange of information becomes both comfortable and safe?
We have created a compact guide in which you will learn how to share corporate documents much, much better.
How to recognize my company needs?
It’s a question that every entrepreneur should ask. When it comes to sharing documents – which is an inevitable situation while running any kind of business – it is worth starting by identifying the internal and external communication channels of the company.
The internal circulation of documents and information will include the team, our associates, or accountants, regarding both the corporate tools such as email domain and server, and outside platforms used in our everyday work: e.g. Google, Slack or GitLab.
In turn, the external file circulation will apply to customers, contractors, regulatory authorities, offices, suppliers and every entity that is a recipient of our products and services.
Even this simple division of communication channels will help us strengthen security. In the case of internal communication, it is worth creating a list of currently used applications and then reducing it to a minimum so that communication is as centralized as possible with just a few tools. In the case of external circulation, however, it will be particularly necessary to establish communication rules and apply good practices for secure file and document sharing by all employees, e.g. against phishing. Alas, we will not always have an influence on how the other party communicates.
Why make this effort? By creating guidelines for communication in the company, you will minimize the risk of information chaos, which may be difficult to clean up when challenges arise. Besides, a narrow range of tools has several main advantages:
- Faster work
- Easier finding of information needed
- Less risk of human error
- Less risk of cyberattacks
- Greater convenience of sharing files
From the perspective of an external addressee, consistent communication on the part of our company will be perceived only positively. It’s worth limiting the number of e-mail threads with the same person, and if we share large files – using a cloud-based tool to do it, preferably one integrated with e-mail. A well-structured communication will have a positive impact not only on relations, but also on the course of cooperation.
Information security and the GDPR
Let’s start, however, with the must-haves. There is no question of information security without taking into account the GDPR, especially when our company operates in or with the EU countries. People who are just starting to think about their own business should carefully read the general data protection regulation: Regulation (EU) 2016/679 of the European Parliament and of The Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Regardless of the company size and industry, the provisions of the GDPR give a lot of freedom in terms of how the data – and thus also the shared documents – will be protected. However, they must be protected without exception, and the GDPR obliges entrepreneurs to create a policy for the processing of personal data and to respect the right of customers to view, modify and delete their data.
Any company owner can be the administrator of the personal data of the company’s clients. There are no special guidelines as to their competences, as long as the company does not strictly process data – in that case, the position of a personal data protection officer should be created.
Complying with the GDPR is a statutory necessity in the EU. If you have doubts as to whether your company processes personal data correctly, the best solution will be to consult a specialist and conduct appropriate training.
GDPR and file sharing
Entrepreneurs should be aware that sharing documents with parties both inside and outside the organization is one of the ways of data processing. Documents containing personal data, and, therefore, subject to the protection of the GDPR, must be processed with the consent of their owner.
By definition, this processing means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
In practice, the company begins processing personal data as soon as it obtains the consent of the data owner or sources data from a publicly available source. It is important to ensure that, for each document, including archival documents, each employee is able to recognize whether they are competent to process the data it contains and how to process this data, and in the context of this article – whether, how and to whom to make it available. Determining which people in the company can process documents subject to GDPR protection, and to what extent, is absolutely crucial.
The GDPR distinguishes administrators and persons responsible for the processing of personal data. Both of these groups may share the same responsibilities, but only the administrator can set the rules and purpose of data processing, of course, in accordance with the act. Building this awareness in the team is one of the pillars of secure document sharing.
What is phishing and how to counter it?
There is also a second pillar, which can be broadly defined as the knowledge of the rules of safe usage of the Internet, with particular emphasis on the phenomenon of phishing, which takes its toll even on experienced users.
Phishing is nothing more than a fraudulent attempt to obtain data based on various types of social engineering. One example of phishing is a cybercriminal impersonating a company’s client in order to obtain their account login details. Unfortunately, there are more and more cases of attackers pretending to be a bank or a public institution in order to use its authority when phishing for confidential information.
Building awareness, training and practicing mindfulness – also through controlled penetration tests – is the best way to counter the threat of phishing, which, due to its soft nature, is unfortunately so effective and willingly used by cybercriminals.
How to share confidential documents?
Now let’s move on to the issue of file-sharing itself. As we wrote at the beginning, the fewer tools we use to share documents, the better for security. The keyword here may be the data repository. A repository will enable you to reduce the frequency of uploading files and to share links instead of separate documents, which not only facilitates cooperation of several employees at the same time, but also allows you to delete a file from the server when, for example, it is sent by mistake. In such a case the link will simply stop working.
This is not always an ideal method, because it may happen that the recipient has already downloaded the file to their disk, but in many instances, e.g. when viewing a PDF in a browser, the file will end up in a temporary folder and become unavailable on another viewing attempt.
Get to know tools for collaboration on documents.
Overproduction of documents is a threat to information security. Therefore, it is worth including a tool for sharing documents in your daily work, for example Google suite, which, to some extent, can also function as a corporate repository.
The Mountain View giant’s platform will allow you to merge mail, spreadsheets, text editor and disk space, which all provide a high level of data security and a good workflow for the team. Large files can be uploaded to Google Drive and shared as links. The advantage of Google tools is also the ability to grant several models of permissions to a given document to people who have a link or to limit the rights only to selected people.
What is the Virtual Data Room?
While Google is a good choice for internal team work and sharing current documentation, we should think about a dedicated solution when sharing strictly confidential files, especially outside the organization. VDR, also known as a virtual data room, is a cloud-based platform used for the most secure sharing of all types of business information with clients, partners or public institutions.
It is an industry standard in the consulting, financial or investment industry – wherever the highest protection of files shared online is required. In fact, only VDR will allow full control over who will be able to access a given document and to what extent. What distinguishes this solution?
VDR approaches the issue of security holistically – it is both the product itself and compliance with strict regulations (GDPR, MiFID, MAR, ISO 27001 and so on) combined. An exceptional level of internal organization and knowledge of the team makes this SaaS solution a security standard as high as in electronic banking. What VDR features allow for secure sharing of documents through this tool?
Supervision of what is happening in the system
One of the unique features of VDR is system administrator reports. After launching a virtual data room in our company, the administrator function can be performed, for example, by a data protection officer or the head of a given project, department, etc. It is possible to create a clear structure of documents for each group/project and to establish a hierarchy of access to data for each user, so that managing multiple projects at the same time is possible. The person supervising the system (including the company owner) will have access to all settings and be able to evaluate the progress of work.
Reports offered in the FORDATA VDR solution include, i.a.:
- User loggings
- Comparison of access rights to folders and documents
- Popular documents
- Unopened documents
- Changes in user access rights
- Changes in group rights
- Changes in documents and folders
- Activity over time
- Summary of group activity
Reports allow us to determine who was logged into the system, when and for how long, what documents they opened, and even for how long those documents were viewed. Thanks to this, it is possible to accurately reconstruct the work history of a given user and to establish what information was processed by them.
Advanced functions that limit access
Virtual data rooms also have a number of functions that limit access to the files stored in them, for both users and third parties. They include, among others, two-step authorization, limiting the pool of IP addresses from which you can log into the system (e.g. only from company addresses), geographic restrictions, e.g. preventing access and processing of data located in the system outside of the country, confirmation of the NDA at each login, or forcing a password change to VDR on first login.
If communication about a project whose files have been collected in the VDR is being carried out at the same time, it is possible to run the Q&A module, useful especially while cooperating with external specialists, e.g. an auditor or a lawyer. Such communication will be equally protected, and its record, along with the system reports, will be available in the form of a post-project archive. This will allow you to keep the entire history of work on the project – useful especially in the case of legal disputes, when you need a material record of cooperation, decisions made or advice given, while the entire record will be stored in one platform.
Revoking Document Access Rights At Any Time
To explain how valuable this feature is, let’s look at the following situation:
Confidential financial information emailed from a company client was forwarded by a manager to a part of the team. An authorized group of users from the “Accounts” folder has gained access to these documents. Unfortunately, the file was mistakenly shared with another group, “Outsourcing”, which included 5 people who were not authorized to view this documentation at all. As a result, there was a breach of the provisions on the protection of personal data and the disclosure of the trade secret to a third party.
While in the case of e-mail such an error would be irreversible, immediate action in the data room can be taken at any time. Not only are we able to withdraw access to the documentation for the “Outsourcing” group with just a few clicks, but we can also check whether its members have opened, saved or printed the document (if they initially had such permission granted) and assess how long the documentation was viewed for. This will allow us to mitigate or even completely neutralize the results of the mistake, a feat impossible to achieve with popular tools.
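The exposure check from the “Outsourcing” scenario above, as an added example (not FORDATA's code or report format): it separates members who never opened the file, those who only viewed it, and those for whom a copy now exists outside the system. The event schema, action names, user names, file names and timestamps are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Actions after which a copy exists outside the data room; revoking access cannot recall it.
OFF_PLATFORM = {"save", "print"}

@dataclass(frozen=True)
class Event:
    ts: datetime      # when the action happened
    user: str
    action: str       # "open", "save" or "print" (hypothetical vocabulary)
    doc: str
    seconds: int = 0  # viewing time, recorded for "open" events

def assess_exposure(events, doc, members, granted, revoked):
    """Summarise what each mistakenly authorised member did with `doc`
    between the erroneous grant and the revocation."""
    report = {m: {"opened": False, "view_seconds": 0, "off_platform": []} for m in members}
    for e in sorted(events, key=lambda e: e.ts):
        if e.doc != doc or e.user not in report or not (granted <= e.ts < revoked):
            continue
        row = report[e.user]
        if e.action == "open":
            row["opened"] = True
            row["view_seconds"] += e.seconds
        elif e.action in OFF_PLATFORM:
            row["off_platform"].append(e.action)
    return report

def classify(row):
    """Map one member's activity to an incident-handling outcome."""
    if row["off_platform"]:
        return "copy-outside-system"   # revocation alone does not contain this
    if row["opened"]:
        return "viewed-only"           # content was seen, no copy recorded
    return "never-opened"              # revocation fully neutralised the mistake

# Constructed sample data for the scenario above (not real log output).
def at(hhmm):
    return datetime.fromisoformat(f"2022-04-15T{hhmm}:00")

OUTSOURCING = ["out1", "out2", "out3", "out4", "out5"]
DOC = "client-financials.pdf"
EVENTS = [
    Event(at("09:05"), "acc1", "open", DOC, 600),   # authorised "Accounts" user, ignored
    Event(at("09:12"), "out1", "open", DOC, 95),
    Event(at("09:14"), "out1", "open", DOC, 40),
    Event(at("09:20"), "out2", "open", DOC, 30),
    Event(at("09:21"), "out2", "print", DOC),
    Event(at("09:25"), "out3", "open", "project-plan.pdf", 120),  # different document
]

def run_example():
    report = assess_exposure(EVENTS, DOC, OUTSOURCING, at("09:00"), at("09:30"))
    return {user: classify(row) for user, row in report.items()}

if __name__ == "__main__":
    for user, outcome in run_example().items():
        print(user, outcome)
```

Only the "never-opened" members are fully covered by revoking access; a "copy-outside-system" result is the case noted earlier, where the recipient already holds the file.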
Summary: Your Company Can Have Complete Control of Information Confidentiality
Best practices of file sharing are fundamental to corporate security. However, choosing the right technology will allow us to obtain many additional benefits. Popular cloud tools, such as Google, will work well in the daily work of the team. They enable easy collaboration on files and reduce the number of tools and communication channels, thus reducing document overproduction.
When we need to provide sensitive documentation, however, it is worth taking a look at dedicated solutions, such as VDR. It will give you maximum control over information flow and file sharing process. Thanks to the features typical for solutions of this class, such as activity reports, detailed models of file permissions, data encryption and access restrictions, it is an optimal tool when we want to create a secure repository in the company, shared both outside and inside the organization.
We hope that the information gathered here will help you better look at the issue of secure document sharing also in your company.
Did you like the article?
Do you want to exchange knowledge or ask a question?
Write to me: Krzysztof Pytel