Employee file sharing practices put corporate data at risk, study finds
Dangerous file sharing practices put sensitive corporate data at risk – that is the focus of the latest report from Globalscape, a software company that surveyed more than 500 corporate employees.
Some of the bigger findings in the study revealed that 63 percent of employees use remote storage devices to transfer confidential work files, 45 percent of employees use consumer sites such as DropBox, and 30 percent of employees use cloud storage services.
“The most interesting finding is the sheer amount of employees that are regularly bypassing their internal solutions for consumer tools,” James Bindseil, CEO with Globalscape, told SCMagazine in an email correspondence. “Most organizations have infrastructure in places that enable employees to securely transfer information.”
Another finding is that more than 60 percent of employees use personal email addresses to transfer work data, a problem that is compounded by the fact that more than 50 percent of staffers admitted to using the same password across multiple accounts.
“When employees are careless with sensitive data, the risk for a security breach increases,” Bindseil said. “It's also a major compliance issue. When employees send sensitive information through personal email, or load data to a personal device, IT loses control and visibility, the audit trail disappears, and it becomes almost impossible for an organization to prove compliance.”
A lack of training, communication and enforcement of IT policies could be leading to risky employee behaviors, according to the study, which revealed that only 47 percent of employees surveyed are aware of a company policy for sending sensitive files. Meanwhile, 30 percent of staffers said their companies do not have policies and 22 percent said they are unsure.
“Employees need to understand that the tools they use to send files and data in their personal lives aren't acceptable in the workplace,” Bindseil said. “If enterprises want to have any hope of managing and securing the sensitive data leaving their organizations, they also need to provide solutions that easily integrate into the daily routines of their employees.”
Bindseil recommended sending and receiving all sensitive files and data through a secure and managed file transfer solution, which will give the IT department visibility into who is accessing the information and how it is being accessed.