Security is no longer an afterthought for enterprises. The spate of high-profile data breaches are a constant reminder to executives and shareholders of the cost of neglecting security. Because of this, organizations are dedicating more resources to shore up IT defenses. Organizations are increasingly reliant on IT to conduct business. The growth of mobile workforces and greater demands on business, coupled with a lack of user-friendly file sharing tools, has led employees to use potentially unsafe consumer file sharing systems such as Gmail, Dropbox, and iCloud, and download confidential information from secure personal networks to conduct business. The importance of sharing files through a safe means, ideally through a managed solution cannot be stressed enough. James Bindseil, president and CEO of Globalscape discusses the importance of a well thought out file sharing strategy.
Businesses today are happy to hire staff to work from a mobile location. However, this shift brings about potential issues regarding regulation of access to data. With a mobile workforce, staff actions are more difficult to manage, including tracking access to and transmission of corporate data. Much attention has been given to hackers, external malicious entities who wish to gain access to corporate data. However, according to the Ponemon Institute, more than a third of all data breaches are caused internally, and are typically a result of employees mishandling sensitive data.
Dangerous File Sharing Habits Threaten Enterprise Security
There are a number of common practices that are threatening the security of business data. In fact, judging by the statistics, you may have fallen into any one of these dangerous file sharing traps. These include sending emails across unsecured networks, the use of unencrypted mobile devices, and the use of public cloud platforms to share corporate data.
Email is one of the most important tools in the business world; however, its inherent benefits that make it an effective business tool—a fast and easy means to communicate—pose a risk to enterprise security as well. Sending corporate data using a personal email account ranks as one of the most dangerous file sharing practices. Our research has shown that in the last 12 months, 63 percent of employees have used their personal email to send and receive sensitive work documents. Even more surprising, however, 74 percent of those employees believe that their companies approve of their method of sharing files. Personal email accounts are typically supported on public networks such as Yahoo or Gmail, which are often the target of hackers, partly because of their high profile nature and high number of inexperienced users.
USB Drives
A Globalscape survey found that 63 percent of employees have used remote storage devices like USBs to carry confidential files. Transporting confidential information via removable storage devices, particularly when unencrypted, can be very dangerous, as the potential number of people with the ability to access the data is far greater than if the drive were encrypted. With encrypted devices, only those with access to the proper encryption keys can access the data in its plaintext form. While many organizations have chosen to ban the use of non-approved USB devices, these policies seem to have little effect, considering the results of our study among others.
Consumer-Grade File Sharing Services
One of the most serious dangers to enterprise security is posed by “box” file sharing solutions like Dropbox and iCloud. The most basic threat these cloud providers pose is that data can be gathered from files on their systems—as is stated in their terms and conditions. This is especially worrying as it means businesses are not only placing their trust in their own staff, but the staff members of the host. It is very unlikely for information to be stored in this way in enterprise-level solutions. Our research has shown that a staggering 45% of employees have used Dropbox or other consumer sites for sharing confidential work information.
One of the big issues with using consumer-grade file sharing services is that they have a larger hacker attack profile. Hackers are very wise to the amount of sensitive corporate data that is shared through these services every day and they are even wiser to their questionable security protocols—making companies who use these a far more attractive target than those implementing their own managed solution.
Retain Visibility and Control
The bottom line for businesses is that it is imperative to retain control of their data. When files are transferred externally, IT departments lose control of the information. If a staff member sends files to their personal email account, the IT department has no way of knowing with whom they could be sharing the data. Instances such as these run the risk of bringing organizations out of compliance with the Data Protection Act (DPA).
Safe file sharing is critical to data security and good business practices. By creating and enforcing policies and procedures related to safe file sharing and providing employees safe avenues for sharing data within organizational boundaries, enterprises can limit instances of dangerous file sharing practices. Implementing user-friendly managed file transfer solutions can increase collaboration and productivity both inside the organization and with partners. Meanwhile, organizations can retain the visibility and control of data that is so vital to security.