Chief security and information officers beware: IT professionals are using personal email accounts to mask file transfer activity from management, according to a study released today by Ipswitch, Inc., the secure, managed file transfer company. Forty percent of those surveyed at this year’s InfoSecurity Europe conference admitted to sending sensitive or confidential information through personal email accounts to eliminate the trail of what was being sent to whom – a major security and compliance breach and violation for companies.
While not all personal email used to send business information is malicious, it’s all incredibly risky. More than two-thirds of respondents (69 percent) said that they send classified information, such as payroll, customer data and financial information, over email (with no security) at least once a month, and 34 percent said they do it daily. The biggest drivers: speed, convenience and the ability to send large files, without the hassle.
“Employees will almost always take the path of least resistance, even if that unintentionally means violating company policies and breaking security protocols,” said L. Frank Kenney at Ipswitch. “Businesses need complete visibility into the files that are moving internally and externally company-wide, with a file transfer approach that makes it fast and easy for employees to securely exchange information with customers, partners and colleagues.”
While the majority of organizations represented in Ipswitch’s latest survey (62 percent) seem to have file sharing policies in place, many don’t have the means or tactics in place to enforce them. Despite increasingly strict governance and compliance mandates, 72 percent of respondents said that their organizations lack visibility into files moving both internally and externally.
“With thousands of gigabytes of information moving in-and-out of companies every month, executives need visibility into who’s sending, receiving, and forwarding business-critical documents for security and compliance purposes,” said Kenney. “It’s far too easy for information to get into the wrong hands, evident by hundreds of data breaches in the first half of this year alone, and unless companies communicate and enforce file-transfer policies, with total visibility and company-wide management, their risk of a breach will continue to rise.”
BlackBerrys, iPhones, USB drives and physical media improve worker productivity and make it fast and easy to share information, but all of these technologies present significant security risks to businesses. Seventy percent of IT professionals surveyed access company files and data through mobile devices, webmail and remote connections on a weekly basis. Additionally, 41 percent are using personally owned external storage devices (i.e., USB drives and DVDs) to back up work-related files every month.
“Companies are struggling to strike the right balance between productivity and security – especially as business accelerates and more employees work remotely,” added Kenney. “What most companies don’t realize is that they no longer have to choose between the two. Browser-based or email plug-in solutions eliminate the risks associated with easy-to-lose physical devices, give employees a fast, convenient and familiar way to share information, and arm companies with the visibility and insight that they need to ensure that sensitive information is protected.”
Tweet your observations and suggestions to Security at http://twitter.com/securitymag