Security Blog


IT Professionals Use Personal E-Mail to Hide File Transfer Activity from Management: Report to be Released Tuesday

August 2, 2010
/ Print / Reprints /
ShareMore
/ Text Size+

Chief security and information officers beware: IT professionals are using personal email accounts to mask file transfer activity from management, according to a study released today by Ipswitch, Inc., the secure, managed file transfer company.  Forty percent of those surveyed at this year’s InfoSecurity Europe conference admitted to sending sensitive or confidential information through personal email accounts to eliminate the trail of what was being sent to whom – a major security and compliance breach and violation for companies.

While not all personal email used to send business information is malicious, it’s all incredibly risky.  More than two-thirds of respondents (69 percent) said that they send classified information, such as payroll, customer data and financial information, over email (with no security) at least once a month, and 34 percent said they do it daily.  The biggest drivers: speed, convenience and the ability to send large files, without the hassle.

“Employees will almost always take the path of least resistance, even if that unintentionally means violating company policies and breaking security protocols,” said L. Frank Kenney at Ipswitch.  “Businesses need complete visibility into the files that are moving internally and externally company-wide, with a file transfer approach that makes it fast and easy for employees to securely exchange information with customers, partners and colleagues.”

While the majority of organizations represented in Ipswitch’s latest survey (62 percent) seem to have file sharing policies in place, many don’t have the means or tactics in place to enforce them.  Despite increasingly strict governance and compliance mandates, 72 percent of respondents said that their organizations lack visibility into files moving both internally and externally.  

“With thousands of gigabytes of information moving in-and-out of companies every month, executives need visibility into who’s sending, receiving, and forwarding business-critical documents for security and compliance purposes,” said Kenney.  “It’s far too easy for information to get into the wrong hands, evident by hundreds of data breaches in the first half of this year alone, and unless companies communicate and enforce file-transfer policies, with total visibility and company-wide management, their risk of a breach will continue to rise.”

BlackBerrys, iPhones, USB drives and physical media improve worker productivity and make it fast and easy to share information, but all of these technologies present significant security risks to businesses.   Seventy percent of IT professionals surveyed access company files and data through mobile devices, webmail and remote connections on a weekly basis.  Additionally, 41 percent are using personally owned external storage devices (i.e., USB drives and DVDs) to back up work-related files every month.

“Companies are struggling to strike the right balance between productivity and security – especially as business accelerates and more employees work remotely,” added Kenney.  “What most companies don’t realize is that they no longer have to choose between the two.   Browser-based or email plug-in solutions eliminate the risks associated with easy-to-lose physical devices, give employees a fast, convenient and familiar way to share information, and arm companies with the visibility and insight that they need to ensure that sensitive information is protected.”

Tweet your observations and suggestions to Security at http://twitter.com/securitymag

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

THE MAGAZINE

Security Magazine

April 2014

2014 April

In the April issue of Security magazine, read about integration partnerships and their growing success. The Boston Marathon bombing has changed the way integrators look at security for sporting events, see where they are one year after the tragic incident. Read about the 2014 RSA conference and this year's theme of "Threat Intelligence. Also, read about the latest products and news in the security industry.

Table Of Contents Subscribe

Background Checks

Who conducts background checks on new employees and contractors in your enterprise?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13