Cybersecurity Blog

Check the sharing permissions on your files stored on the Google Drive – 10/21/20

With the move to working from home, many of our business processes have changed. For example, documents that we used to save on the J: drive have had to be moved to the Google Drive to ensure everyone has access to them. However unlike the J: drive where everything saved on it is viewable only by your colleagues in your department, the Google Drive allows you to share a single file or a whole folder with anyone. To quote Winston Churchill

Where there is great power there is great responsibility…

It has come to our attention that many of you are struggling with this power. We have found there are many documents sitting in the Google Drive that are viewable by anyone with a Mount Royal email address that really shouldn’t be. Submitted student assignments, job offer letters and lecture recordings are just some of the documents that are viewable by the entire MRU community.

We appreciate that you are doing the best that you can with what you have. We have all been thrown into a working situation that none of us were expecting. In the middle of which, Google decided to change its file sharing dialog box. So even if you were familiar with how to share files, you have had to relearn it.  Throw in Shared Drives and it is no wonder so many documents are viewable by the wrong people.

If you have read this far and are thinking, “I know how to share files, I am sure that no one has access to them who shouldn’t”, please take a moment to check the sharing permissions on your files that contain sensitive information. As I said before, Google has changed their Sharing dialog box and we have oodles of sensitive documents that are viewable by the whole campus. You may think that your documents are secured, but they may not be. Don’t assume, check.

If on the other hand you have read this far and tears of frustration are streaming down your face, I come with a message of hope. File sharing is easy once you understand a few key concepts.

The Google Drive is one massive server

When you save or create a document on the Google Drive, you are placing it on a huge server that the whole world has access to. You only see the files and folders that you have been given permission to see.  By default that is all the files and folders you create. The same is true for anyone else who uses Google Drive.  So when you create or save a document to the Drive, is it unviewable by anyone except you until you share it with someone else.

A document has the same sharing permissions as its folder

When you save or create a document in a folder, it takes on the sharing permissions of the folder.  To help you keep track of which folders you have shared and which you haven’t, Google gives you a confirmation dialog box to remind you that the document you are creating in a folder will be shared.

It also gives you one when you move a document to a folder that is shared.

Unfortunately, it does not give you a reminder when you upload a file into a shared folder. How do you remember which folders are shared and which aren’t? It can be confusing. A neat little trick I use is color coding. I color all the shared folders red. That way I can quickly and easily see which folders are viewable by others and which are only viewable by me.

Any folder in the Shared with me section may be viewable by others

When someone shares a document with you, it appears in your Shared with me section of your Google Drive.

Any folders found here were not created by you. If they are shared with you, they likely are shared with other people as well. Before you create or add a file to one of these folders, check its sharing permissions so you know who will be able to access your document.

Documents in Shared Drives may be shared with people who are not members

When Shared Drives first came out, they were called Team Drives and only people who were members of the Team could access the documents. Google has updated this feature. Along with a new name, you can now share folders and files in the Shared Drive with people who are not Team Members.  Once again, this makes it challenging to determine which folders are shared with who. Unfortunately you cannot change the color of the folder icon in Shared Drives. Instead, ask all Team Members who create folders to put SHARED in the folder title if it is shared with people outside the Team.

The fewer people that have access to a document, the more secure it will be

Only share a document with the entire Mount Royal community or everyone who has a link, if that document really needs to be accessible by all those people.  There is no need to share a contact list with the whole campus when only your department needs access to it. Don’t share a recording of your lecture with the whole campus if only your students need to access it. As soon as you open up document access to a large audience, you start to loose control over its contents. Before you know it, you have people contacting you asking for more information about about a topic that they should have no knowledge of.  Keep your documents secured, only share them with those who absolutely must access them.

I hope that this information has cleared up some of the confusion around safely sharing files on Google Drive. For details on how to share files, visit the Google Drive Help webpage.

 

4 thoughts on “Check the sharing permissions on your files stored on the Google Drive – 10/21/20

  1. Unfortunately there currently isn’t a way to see all the files or folders that you have shared on the Google Drive without checking each file and folder.

  2. Thank you for this information. Is there an easier way to see if there are documents available to the whole campus (that should not be) other than by manually checking each file?

Leave a Reply

Your email address will not be published. Required fields are marked *