What College and University Boards Risk by Using Insecure File-Sharing Apps
As your college or university board goes about its board business and trustees and committees work on projects together, sharing files online is commonplace. However, the types of apps and platforms trustees use could pose privacy and security risks, which, in turn, may have a negative impact on the higher education institutions they oversee.
File-sharing apps such as Google Drive, Dropbox, and OneDrive are designed for public use, and therefore lack the necessary level of security for college and university boards’ work. The wrong apps and electronic platforms can spell plenty of trouble for higher education institutions.
The Problem With File-Sharing Apps
File-sharing apps started the same way as many other apps — with a good idea that solves problems and makes things easier for a lot of people.
The main goal of file-sharing apps is efficiency and group collaboration. Public file-sharing apps work well enough for students collaborating on assignments together, but they lack the necessary security for sensitive board work and legal compliance.
Here are some of the major problems your institution can face when using insecure file-sharing apps:
- Data breaches: Servers that lack security can become vulnerable to data breaches as hackers gain access to sensitive files that can expose personal, financial, or confidential information. People associated with the institution may be impacted by identity theft, financial loss, legal consequences, and more.
- Reputational loss: Stakeholders may lose confidence in the institution and shift their support elsewhere as a result.
- Ransomware attacks: Criminals may infect a computer system with malicious software and demand a ransom payment in exchange for unlocking the system.
- Insider threats: Employees may intentionally or unintentionally expose sensitive data.
- Third-party risks: Apps often integrate with third-party services to enhance functionalities. Third parties can compromise the overall security of a file-sharing app if the third party’s app lacks the proper security.
- Lack of audit trails: The lack of security measures can make it challenging to track who has accessed files, rendering it difficult to investigate security problems.
- Lack of control over shared files: Some apps limit the user’s control allowing access to files to large numbers of unauthorized users.
According to IBM, the average cost associated with managing a data breach in the education industry in 2023 was $3.6 million, so it pays for higher institution boards to bolster security related to file-sharing apps.
File-Sharing Apps Lack Security Features
College and university boards have a duty to manage risk, and as board data is often sensitive in nature, so it’s important to protect it.
Many publicly available file-sharing apps are lax in security features, such as encryption technologies, increasing the risk to higher education institutions.
Colleges and universities may believe that their data is their own wherever it is shared; however, insecure file-sharing apps may store or transfer information on insecure servers, where it can get into the hands of others anywhere in the world. Understanding who owns the data stored in file-sharing apps can be complex.
If your trustees are using file-sharing apps to collaborate on documents, in some cases, it may be challenging to identify who accessed or modified files. This could make it difficult to attribute any wrongdoing or security breaches to specific individuals.
And, even worse, publicly available file-sharing apps don’t allow you to retrieve information that gets lost.
Colleges and universities may also have specific compliance requirements related to data security and privacy. If you have policies and guidelines in place that state that you may not solely rely on the security features of third-party file-sharing apps, then your board needs to follow suit.
Technology generally tends to make tasks more efficient. Unfortunately, the more we use technology, the more vulnerable systems may become. For example, it’s easy for most people to simply attach a file or a document to their personal or business email, without thinking through who may access it as it journeys through cyberspace. Also, insecure apps don’t usually offer granular permissions to restrict access to various parts of the program.
One way that some colleges and universities have attempted to avoid cybersecurity issues is to have board directors use their own devices. This is an imperfect solution because it fully relies on each director’s security choices, and the security of the apps they use. The reality is that board business simply isn’t safe or secure on personal devices or applications.
In addition, some file-sharing applications, such as OneDrive, rely on sync to connect information on devices. Syncing can lead to conflicting versions of documents, slow uploading times, and the potential for virus activity.
Why a Board Management Solution Can Help
The surest way to eliminate concerns over insecure file sharing is to use a board management system, such as BoardEffect. Board directors can be sure that every board activity they’re involved in occurs within the safety net of a highly secure board management solution.
Using a board management platform, board directors can access their meeting agendas, board books, and meeting minutes with full assurance that the information is private and secure. As boards conduct their research outside the board or in committee meetings, they can use the platform to share documents, knowing everything is securely contained inside the platform and only the intended recipients can access them.
Board administrators can authorize or limit access to documents and various other parts of the board management system because they have granular control over user permissions. This is an especially important feature as board directors join and depart from the board.
A Responsible Approach to File-Sharing
The need for file-sharing on a higher education board is necessary and evident. Since there is no escaping electronic file-sharing, boards of trustees must take the most responsible approach: using board management software that’s highly secure and specifically intended for board use. The risks of not investing in board management software could result in a data breach or reputational loss – either of which can be extremely costly.
See how BoardEffect, a Diligent Brand, can help strengthen your higher education board’s cyber resilience. Request a demo today.