With today’s reality of remote work and online learning, people need the ability to share content—documents, presentations, photos, videos, lesson plans, you name it—to get work done. And because of this, security around internal and external sharing is more important than ever before. While the ability to share content with colleagues both inside and outside the organization helps people stay productive and connected, you must protect against risks. Accidental sharing of sensitive information or sharing with unintended recipients can pose a threat to the integrity and privacy of your data, people, and devices. OneDrive helps you define secure, virtual perimeters for sharing content, educate people about your policies for secure collaboration, and monitor how people share to discover and address gaps. In this practical guide, you’ll learn about how you can easily manage secure external sharing.
Establishing boundaries to help prevent critical mistakes
The first things to consider when it comes to external sharing are the hard sharing restrictions for your organization. Depending on your business or industry, you may have different requirements that you must meet for protecting sensitive information. You should also consider what behaviors you want to prevent entirely when people in your organization share information. For example, are you worried about users enabling anonymous access to files containing sensitive information, such as financial data, or personally identifiable information, such as credit card numbers, Social Security numbers, or health records? Or are you more concerned about leaking company IP? The best first step is to talk with your Security, Legal, or Compliance teams to understand their requirements.
Another example of how OneDrive helps you establish these specific boundaries is by enabling you to limit external sharing to specific groups of users. For example, Sales and
Marketing may need permission to use Anyone links to share information with a broad number of vendors and customers. On the other hand, you may want to give HR and Finance permission to share information only with external users who authenticate their identities before accessing files. Now, you can add and manage security groups to determine who can share content externally—and who they can share it with. Bottom line, setting up security groups helps reduce the chance that someone who’s busy or distracted will accidently share the wrong information with someone outside your organization or school.
Create security groups to segment users and allow external sharing .
Setting people up for successful collaboration
Collaboration is absolutely critical for both remote work and online learning. But when people are working, security usually isn’t foremost in their minds. The power of OneDrive is that it provides rich capabilities that enable them to share content and collaborate securely by default. In OneDrive, you can set up your organization's policies so that people who tend to click Share and go about their business have less permissive sharing options—and you can also let people choose more permissive options as needed. You do this by specifying the type of link that’s selected by default when people share files in OneDrive: anyone, people only inside the organization, or specific people. You can also set the permission to either view or edit. This way, employees, teachers, or students can’t accidently share information with anyone outside the organization or externally share content that is meant for internal use only.
Set up your organization's sharing policies.
Another great example of helping people be successful is setting up expiration policies. This ensures that external users won’t retain access to your content indefinitely, and helps prompt people in your organization to periodically review who they’ve given access to their files. You can also easily revoke access that was previously granted.
Educating people about secure collaboration
With long daily to-do lists, people are often trying get through tasks as quickly as possible and mark them complete. The last thing you want to do is slow them down by preventing them from sharing files. That’s why we built quick reminders and help into the OneDrive UI to remove some of the burden from your IT help desk. So if you’ve set up your environment for internal sharing only, when someone tries to share a file externally, they immediately see an error message that lets them know external sharing isn’t permitted. You can also set up custom help links, so employees can quickly and easily get in-context assistance and direction, such as instructions for signing up for a training course on protecting company information.
In product error messages help educate users of the organizational policies.
Unfortunately, shadow IT can still pose a problem. If some people need to share information or get feedback on a document quickly, they may choose more familiar apps—or an app suggested by a client--to share files. That’s why you need to help people see why using unapproved commercial apps can pose a security risk—and what tools you’ve provided instead to help make their jobs easier. You can also offer training courses for staff or students to complete for them to be added to a group with external sharing permissions. Creating a portal that people can access for further education around the right apps to use and secure sharing policies to follow can also help to reduce risk from information leakage, especially for new hires or new students.
Monitoring sharing to help keep data—and people—safe
Establishing sharing boundaries for your organization and educating people about your external sharing policies helps you spend less time managing requests and troubleshooting issues, so you can focus on other priorities. Instead, you can monitor OneDrive activity across your organization or school to see what people are doing. Using the information on the Productivity Score page of the Microsoft 365 Admin Portal, you can spot patterns that alert you to abnormal or suspect usage and adjust sharing and security policies to adapt or address issues. Understanding usage patterns can also help you develop and revise education materials to improve information security, which can help lessen the burden on your security team. You can also review audit logs to detect anomalies, such as people who are sharing or downloading more files than usual, and external sharing reports to help you gauge sharing behavior and provide insights that you can use to improve best practices and education across the board.