The risks of SharePoint security mismanagement

Posted by Sophina Dillard on Monday, 1 February 2016

How would you feel if that creep from the office had looked through your contract to find out what you earn? Would it bother you if anyone other than your direct manager could read your performance review? What would it look like if your company’s customer details or information about a merger were hacked?

SharePoint is an amazingly powerful tool which, when implemented correctly, is perfectly secure. However, that’s the catch: it has to be implemented correctly. We love SharePoint because it’s so amazingly flexible, and this flexibility basically allows you to deploy it in almost any way you want. However, this feature is a double-edged sword – people often implement SharePoint in a risky manner, and open their organizations to the danger of leaks and hacks.

Why you need to be aware of SharePoint risks

Not convinced that having a security policy is such a big deal? Think again. 

A recent survey of 1000 SharePoint users found some pretty surprising results. 34% of respondents admitted that they or their colleagues had, at some point, looked at documents they weren’t supposed to read. Of those who had, 23% had looked into their colleagues’ salary information, 34% had looked at other personal details and 8% had discovered secret information about mergers and acquisitions. Respondents also shared information they weren’t supposed to, either by putting it on USB sticks or sharing it with themselves via email.

Perhaps most worryingly, a lot of companies don’t have any kind of strategy for dealing with security. Research by Emedia revealed that a staggering 22% of organizations have NO information security policy.

As Emedia’s research shows, only 1/3 of organizations actually have a comprehensive and up-to-date security policy to protect themselves against data breaches.

Why is all of this a problem?

If you don’t have a comprehensive security strategy, you’re opening your company up to a lot of risks.

It goes without saying, but most employees would feel violated if they knew anyone in the business would be able to see their personal information. Even if they had ‘nothing to hide’, the simple fact that their colleagues could discover private information without asking them directly would make many people feel uncomfortable.

Another major risk for organizations without a strong security policy is that information may be leaked by employees with an agenda or who want to damage the organization in some way. While it’s true that SharePoint wasn’t at fault for the Edward Snowden leaks at the NSA (lax security was to blame), it does show how even a technically advanced organization can be vulnerable to internal attacks. Without a strong security policy, your organization’s plans, trade secrets and strategy could be shared with competitors and undermine your market position. 

Almost any organization worth its salt is at risk of hacking. If a hacker is determined, they may well find a hole at some point in your company’s security – even if you have a well-maintained firewall. However, those organizations that have developed ‘defense in depth’ will always be able to limit the impact of such attacks. Even if a hacker ‘gets in’ with a valid user name they’ve acquired, they’ll only ever be able to see what that user had access to. If your company doesn’t have a well-maintained internal security policy and allows anyone to look at any document, you may as well fling the doors wide open.

You might still not be convinced that any of the above reasons are enough to make you improve your SharePoint security strategy. However, you never really had much of a choice anyway. There is a range of regulations around the world which, to some degree or another, will force you to treat and manage the data your company collects in a secure manner.

The European Union's General Data Protection Regulation (GDPR) will be coming into force over the next couple of years. It will basically affect any company that ever handles the Personally Identifiable Information (PII) of individuals from the EU – whether they’re customers, clients or employees. The rule will force companies to implement strict data management policies to reduce the chances of private data getting into the wrong hands. And if you don’t comply, expect a hefty fine – either 100 million Euros or 5% of annual turnover – whichever is greater.

Get smart
SharePoint security needn’t be too hard, though. Fortunately, there is software out there, such as Sharegate, that makes SharePoint security management very simple. If you properly manage SharePoint’s security, you’ll massively reduce your chances of losing vital information and secrets, and of being fined by international organizations. Secure SharePoint management doesn’t require a HUGE effort, just a little planning and preparation. If you make up one of the two thirds of companies that don’t have a comprehensive strategy, ask yourself “why not?”.
