Chief
security and information officers beware: IT professionals are using personal
email accounts to mask file transfer activity from management, according to a
study released today by Ipswitch, Inc., the secure, managed file transfer
company. Forty percent of those surveyed
at this year’s InfoSecurity Europe conference admitted to sending sensitive or
confidential information through personal email accounts to eliminate the trail
of what was being sent to whom – a major security and compliance breach and
violation for companies.
While
not all personal email used to send business information is malicious, it’s all
incredibly risky. More than two-thirds
of respondents (69 percent) said that they send classified information, such as
payroll, customer data and financial information, over email (with no security)
at least once a month, and 34 percent said they do it daily. The biggest drivers: speed, convenience and
the ability to send large files, without the hassle.
“Employees
will almost always take the path of least resistance, even if that
unintentionally means violating company policies and breaking security
protocols,” said L. Frank Kenney at Ipswitch.
“Businesses need complete visibility into the files that are moving internally
and externally company-wide, with a file transfer approach that makes it fast
and easy for employees to securely exchange information with customers,
partners and colleagues.”
While
the majority of organizations represented in Ipswitch’s latest survey (62
percent) seem to have file sharing policies in place, many don’t have the means
or tactics in place to enforce them.
Despite increasingly strict governance and compliance mandates, 72
percent of respondents said that their organizations lack visibility into files
moving both internally and externally.
“With
thousands of gigabytes of information moving in-and-out of companies every
month, executives need visibility into who’s sending, receiving, and forwarding
business-critical documents for security and compliance purposes,” said
Kenney. “It’s far too easy for
information to get into the wrong hands, evident by hundreds of data breaches
in the first half of this year alone, and unless companies communicate and
enforce file-transfer policies, with total visibility and company-wide
management, their risk of a breach will continue to rise.”
BlackBerrys,
iPhones, USB drives and physical media improve worker productivity and make it
fast and easy to share information, but all of these technologies present
significant security risks to businesses.
Seventy percent of IT professionals surveyed access company files and
data through mobile devices, webmail and remote connections on a weekly
basis. Additionally, 41 percent are
using personally owned external storage devices (i.e., USB drives and DVDs) to
back up work-related files every month.
“Companies
are struggling to strike the right balance between productivity and security –
especially as business accelerates and more employees work remotely,” added
Kenney. “What most companies don’t
realize is that they no longer have to choose between the two. Browser-based or email plug-in solutions
eliminate the risks associated with easy-to-lose physical devices, give
employees a fast, convenient and familiar way to share information, and arm
companies with the visibility and insight that they need to ensure that
sensitive information is protected.”
Tweet
your observations and suggestions to Security at http://twitter.com/securitymag