In a survey by Emedia, they asked SharePoint users two simple questions. One, if they have an existing data security protocol. And two, if it covers SharePoint. The results showed that two-thirds of these organisations do not have security policies for SharePoint in place. No wonder that SharePoint data breaches happen to one in two companies.
According to a security expert, it is surprising to know that SharePoint users are paying no attention to the security implications of not having a data security policy in place. This may be because of slackness, being uninformed, or confusion regarding the persons in charge of instigating such policy.
SharePoint Data Breaches Happen To One In Two Companies
Earlier this month, the Ponemon Institute and Metalogix released a report concerning data storage policies of organisations using SharePoint, Dropbox and other file sharing applications. The report called Handle with Care: Protecting Sensitive Data in Microsoft SharePoint, Collaboration Tools and File Share Applications, aims to illustrate how businesses, professionals and SharePoint users safeguard their sensitive data. As per the research, SharePoint data breaches happened to almost half of SharePoint users in the last two years. In addition, more than three-fourths of them are not convinced that the existing tools are highly effective in securing sensitive data against unintended exposure and breaches.
In an interview, Dr. Larry Ponemon, the Chairman and Founder of Ponemon Institute, said that organisations are not doing their best to safeguard the enormous amount of data that are stored in SharePoint.
Securing the SharePoint Environment
As a growing number of organisations store and access crucial information on SharePoint, it is only a must that they institute practices in the organisation, management and protection of these data. In doing so, they can regulate the people in the company who have access to the sensitive information. Since not everyone will have to use such information, it is ideal that you limit these data to those who only need them.
Another thing that organisations can do is to examine the user activity. For small businesses, they can do this through the Management Activity API. On the other hand, big organisations are advised to utilise security tools in analysing user events.