1. Check your sync and share service to see if it supports privacy settings.
When it comes to file sync and share applications, make sure that the product you use supports “privacy” settings, which ensures that only people you specifically invite will be able to access a file. The system should also be able to support authentication, with a requirement that users identify themselves and have a password.
2. Set your account to “private” using basic security settings.
Most file sync and share applications default to a ‘public’ setting, which means that anyone who has a link to your files can readily access them. This might be convenient if you need to share a non-sensitive file with a lot of people, but we recommend you set your account to ‘private’ by default, and then specifically invite people with whom you want to share.
3. If you’ve already shared sensitive files in a public folder, delete them.
If you’ve already shared items that are not private, don’t change the status – delete the files and re-upload them in a new, private folder. Changing the folder status from public to private is not a foolproof way to protect files you have already shared.
4. Delete old files that you don’t need anymore.
Get into the habit of deleting files from your sync and share application once you no longer need them. We found numerous sensitive files that had been uploaded a long time ago, which most likely had been forgotten.
5. Never mix work and pleasure – keep business files and personal files in separate accounts.
We found a lot of business data in personal account folders. This is a bad idea. If you’re using a consumer-grade system, move your sensitive business data to an application that was set up for business use. Your employer may have rules about storing sensitive information on consumer-grade systems, so you could be in violation of law or contract if you put confidential information on those systems. If something goes wrong and the data leaks, the consequences can be severe: lost reputation, regulatory and legal issues and financial loss. If the data belongs to a customer or partner, data privacy concerns arise too.