Surely the point of SharePoint is…sharing?

You’d think so, right? However, due to a recent change in SharePoint’s default permission settings, Microsoft clients can no longer easily share documents externally.

Why is that a good thing – and yet not?

When Microsoft announced the change to SharePoint’s default sharing settings at the end of April 2024, they cited a range of reasons, including content oversharing.

With customers adding over 2 billion new documents to Microsoft 365 every workday, it’s understandable that it has become increasingly challenging for organisations to manage, protect, and store (let alone recover) content. To address intentional or accidental oversharing (when content is shared beyond those who actually need to access it), Microsoft decided the best strategy was to lock down the default sharing settings in SharePoint.

We believe this is a good thing. It forces you to consciously review your sharing and permissions policies, improves company security, and discourages your employees from sharing documents outside the organisation.

However, there’s a catch. And it involves an all-too-easy and dangerous workaround called email.

When your employee (let’s call him Ryan) becomes frustrated with his inability to share documents outside the business with a simple keyboard command, you can expect him to turn to email. After all, Outlook is right at hand and expedient when under pressure to complete a task.

However, email is high risk – especially for a confidential and unencrypted document (and even encryption isn’t necessarily a failsafe). The document he emails out could potentially include private information, such as PII (Personal Identifiable Information), which immediately exposes your business to security issues.

How come?

1. Interception. Ryan’s email could be intercepted and read by someone with access to his email account – for example, through phishing. Around 36% of all data breaches involve phishing.

2. Oops. Ryan could accidentally send the email to the wrong person. And he’s not alone. One piece of research says that in organisations with 1,000 employees, at least 800 emails are sent to the wrong person every year.

3. Fast forward. Ryan’s emailed document can be forwarded again and again without his knowledge. And there’s no way to control this.

4. Efailure. Even if Ryan sends an encrypted email, that’s not a failsafe way to protect its content. For example, back in 2018, a vulnerability called EFAIL was discovered in several email encryption processes. It turned encrypted emails into plain text. While EFAIL has hightailed it, it’s fair to assume that other similar tools have taken its place.

No matter what industry you’re in, from education to health and just about everything in between, the risk of exposing confidential information via email is not worth taking.

Luckily, you don’t need to.

To change the default settings in SharePoint, you need to make nice with your global or SharePoint Administrators in Microsoft 365. They alone can change the automatic default for sharing from ‘only people in your organisation’ to existing guests, new and existing guests, or if you’re feeling (in our opinion) somewhat reckless – ‘anyone.’

So, what are some of the best practices for sharing, bearing in mind that the sharing settings for your own SharePoint will depend on your organisational-level settings?

Start at the top: Set your sharing policies from the top down, before moving to your external sharing settings for SharePoint.

Exercise damage control: Microsoft recommends that if you do select ‘anyone’ (where users can choose to externally share a link to a document or folder, which can then be opened without authentication and forwarded), you at least set an expiration date.

Preserve the integrity of your content: If sharing externally, set link permissions so a document or folder is ‘view only’ and can’t be edited by anyone outside your organisation.

Copy that, not. Add copyright information to your files so that any shared files contain copyright or ownership information.

Call Us. It can be tough to navigate the complexities and implications of your SharePoint settings, so the Colton team are always here to help you set it right and get it right.