The Complete Guide To Securing Inbound Documents

Inbound documents are documents that are owned externally and shared with accounts at your company. More times than not, securing these documents is an afterthought because they are owned by other companies or external accounts. But this doesn’t make them any less risky. Oftentimes, these documents contain highly confidential company information, and they are not protected by the companies that create them.

Maybe you’ve seen these scenarios:

  • Your company is constantly collaborating with vendors who create materials for their clients, like documents created by lawyers, accountants, marketing vendors, or auditors.
  • You work with freelancers or contractors who don’t have a company email account or mistakenly use their personal accounts to create and share documents with your company.
  • You have employees who accidentally create company documents on their personal email accounts and share those documents with people at the company.

The biggest problem we often hear from customers is that admins don’t have visibility into inbound documents. However, these documents still have all sorts of access-risk issues, including Public and Company links and personal account access. 

Why inbound documents matter

Working with third parties can lead to all manner of access risks, as externally-owned documents could be shared with accounts that should have never had access. And if your sensitive information falls into the wrong hands, it can result in legal and compliance issues, reputational damage, HR problems, and loss of customer business. 

The most common situations we see are:

1.  Vendors who create and share confidential information with the company (for example, accounting, legal, audit, and consulting firms) are not securing that information for their customers. They will have Public links, Company links, and personal accounts on company documents that should all be Restricted, with access only from required accounts.

2.  Vendors where the relationship has ended, and they were supposed to delete all documents and remove access per contractual requirements, but the access and documents still persist months, and even years, later. The risk of leaks grows when this information isn’t secured.

3. Employees who accidentally create documents using their personal accounts. They then leave the company, and the documents remain tied to their personal account, unsecured and with the potential that the employee can look back at them later. This is a real concern since over 45% of employees admit to taking documents from former employers.

How to secure inbound documents

As we mentioned, it’s currently not possible to get comprehensive visibility into these types of issues in cloud collaboration tools like Google Workspace. We recommend finding a solution that provides visibility over inbound documents shared with your company that are owned by external domains or personal accounts. That way, you can alleviate data leakage risk that’s caused by mistakes related to current and past vendors, other partners, and former employees. 

Here’s What Employees Should Know 

  • Do not work on or share your work documents with your personal Google Workspace accounts. If this happens, remove access from the personal account as soon as possible. 
  • Double-check to make sure you are not using a personal account to create and share work files, as people often accidentally switch back and forth between their accounts and don’t realize they are using the wrong account. 
  • Do not create documents from your personal Google Workspace account. If you notice that you’ve done this by accident, make a new copy of the document using your work account and delete the document you made using your personal account.
  • Be careful when receiving inbound documents from freelancers, contractors, and third-party vendors. Do not put highly sensitive information in these documents unless absolutely necessary. Be aware that these documents are owned by outside parties who can change permissions and add members to the documents at any time. 

Unsecured inbound documents are a prevalent problem in document security. These types of documents are owned externally and not easily regulated by internal IT and security teams. They can lead to access-risk issues like personal account access and public links. One way to secure these files is through a real-time access control system

Nira’s is the only tool on the market that gives comprehensive visibility into inbound documents. For a risk assessment of your inbound documents, visit here.

Every company that uses Google Workspace should be using Nira.
Bryan Wise
Bryan Wise,
CIO of 6sense

Incredible companies use Nira