Security Blog

IT Professionals Use Personal E-Mail to Hide File Transfer Activity from Management: Report to be Released Tuesday

August 2, 2010

Chief security and information officers beware: IT professionals are using personal email accounts to mask file transfer activity from management, according to a study released today by Ipswitch, Inc., the secure, managed file transfer company.  Forty percent of those surveyed at this year’s InfoSecurity Europe conference admitted to sending sensitive or confidential information through personal email accounts to eliminate the trail of what was being sent to whom – a major security and compliance breach and violation for companies.

While not all personal email used to send business information is malicious, it’s all incredibly risky.  More than two-thirds of respondents (69 percent) said that they send classified information, such as payroll, customer data and financial information, over email (with no security) at least once a month, and 34 percent said they do it daily.  The biggest drivers: speed, convenience and the ability to send large files, without the hassle.

“Employees will almost always take the path of least resistance, even if that unintentionally means violating company policies and breaking security protocols,” said L. Frank Kenney at Ipswitch.  “Businesses need complete visibility into the files that are moving internally and externally company-wide, with a file transfer approach that makes it fast and easy for employees to securely exchange information with customers, partners and colleagues.”

While the majority of organizations represented in Ipswitch’s latest survey (62 percent) seem to have file sharing policies in place, many don’t have the means or tactics in place to enforce them.  Despite increasingly strict governance and compliance mandates, 72 percent of respondents said that their organizations lack visibility into files moving both internally and externally.  

“With thousands of gigabytes of information moving in-and-out of companies every month, executives need visibility into who’s sending, receiving, and forwarding business-critical documents for security and compliance purposes,” said Kenney.  “It’s far too easy for information to get into the wrong hands, evident by hundreds of data breaches in the first half of this year alone, and unless companies communicate and enforce file-transfer policies, with total visibility and company-wide management, their risk of a breach will continue to rise.”

BlackBerrys, iPhones, USB drives and physical media improve worker productivity and make it fast and easy to share information, but all of these technologies present significant security risks to businesses.   Seventy percent of IT professionals surveyed access company files and data through mobile devices, webmail and remote connections on a weekly basis.  Additionally, 41 percent are using personally owned external storage devices (i.e., USB drives and DVDs) to back up work-related files every month.

“Companies are struggling to strike the right balance between productivity and security – especially as business accelerates and more employees work remotely,” added Kenney.  “What most companies don’t realize is that they no longer have to choose between the two.   Browser-based or email plug-in solutions eliminate the risks associated with easy-to-lose physical devices, give employees a fast, convenient and familiar way to share information, and arm companies with the visibility and insight that they need to ensure that sensitive information is protected.”

Tweet your observations and suggestions to Security at

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security June 2015 issue cover

2015 June

In this June 2015 issue of SecurityIs the security director business’s new “corporate rock star?” Find out how CSOs can become the new leaders of their enterprises through mentorships, partnerships and creatively adding business value. Also, learn how security professionals are training employees in cyber security through games. And why are deterrence and detection so important when it comes to thwarting metal thieves? Find out in this issue.

Table Of Contents Subscribe

Body Cameras on Security Officers

Body cameras are being used increasingly by police in cities across the U.S. Will you arm your security officers with a body camera?
View Results Poll Archive


Effective Security Management, 5th Edition.jpg
Effective Security Management, 5th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.