When users share files to an external user from their Google Drive via Gmail, they have the following options:
When you click “Send” a message will pop up.
You can make the external user an viewer/reader of the file(s) or can decide whether to share the file(s) via the public link (Anyone with the link can view).
One security weakness with this method of sharing is that Google does not allow the file owner to track file usage, either by the intended recipient or other parties if the sharing with link option is selected.
Steps to remediate these shares
Select the User, Group or OU long search in Drive audit.
We are using the example /Support OU as an arbitrary search and we are including its sub-OUs and we will only showing the files owned by the members of the OU by selecting Owned option. If Owned option is left unchecked the search will return all files which members of the OU can view/edit or own.
After the search results are displayed, we can select “Show stats for current filter” and select “Open to public with link” to only focus on that exposure type.
You can immediately take action on files ‘open to public with link’ and remove these shares. To do this you can click File Operations and select Remove permissions.
When the menu appears, select the following option ‘Remove Only the following External Shares’ and enter everyone with link. This will remove the public with link files for /Support OU.
The above feature also allows you to send a custom message to notify the owners of these files.