Walking the IT Tightrope: Balancing Security and Client Needs in Professional Services

It almost goes without saying that the protections put in place by IT departments are intended to help, not hinder, businesses and the services they provide to clients. But that doesn’t make it easy for IT managers to get employees to fall in line, especially when clients are pulling them the other way by insecurely sharing files. After all, if a lawyer views a file sent to him in an email, and then forwards it to his personal email to read later, is any visible harm really done?

It’s a tug-of-war that probably sounds all too familiar. IT systems can be immensely complex, which only adds to employees’ confusion about what files they can and can’t share. And when you ask people to store a huge number of do’s and don’ts in their heads, everyone is set up for failure.

So how can IT managers keep confidential company data safe and clients happy at the same time?

Identify gaps

The first step is recognizing the gaps between what your employees and clients need and what you currently provide. Do you have one in-house file-sharing system, but almost everyone is using a different service instead? If a majority of your clients are relying on a specific system, see if it makes sense to align your collaboration tools with theirs.

Control access rights and permission settings

Next, take advantage of permission settings to keep confidential content under wraps. Using these controls, you can restrict access to files and folders depending on a user’s role or group, thus lowering the risk that your most sensitive documents might be shared with the wrong people. Plus, these same controls combined with audit trails provide valuable insight into exactly who is viewing, editing and downloading your content.

You can also use default permission settings to help guide employee behavior and reduce the odds of an accidental data leak. If the default sharing setting is company-only, users have to take an extra step to share files outside the company. Additionally, it's possible to restrict external sharing to specific whitelisted domains. And if a leak does occur, you can check the audit logs, trace an event back to a specific user, and take steps to correct user habits, permissions, or both.

Stay informed and alert

Finally, stay up to date on the latest vulnerabilities. You can’t control what your employees or clients might fall victim to, like new malware or phishing schemes, but you can be well-read on current and emerging threats. Sending a company-wide email gently informing people of a new scam as soon as you learn of it could save you hours of work in the future. Benjamin Franklin’s advice has withstood the test of time: “An ounce of prevention is worth a pound of cure.”

As you go through the process of aligning security requirements with company and client needs, the most important thing to keep in mind is to always stay one step ahead. By anticipating what your internal and external users will need, you can prevent them from turning to a less-secure solution to meet those needs faster or more easily. After all, a savvy and proactive IT manager is the best defense against data breaches.
