Dangerous File-Sharing Practices Put Sensitive Corporate Data at Risk

Personal email could be 2014’s biggest threat to corporate data.

A new survey of more than 500 professionals released by GlobalSCAPE, Inc. found that in the past 12 months, 63% of employees have used personal email to send sensitive work documents. Perhaps more surprisingly, 74% of those employees believe that their companies approve of this type of file-sharing behavior.

Using personal email to send sensitive business files creates a major security and compliance risk to corporations. Last month, millions of Gmail and Yahoo accounts were breached.

The threat of consumer-grade file transfer methods extends far beyond employees’ use of personal email.

In the past 12 months:

• 63% of employees have used remote storage devices, like USB drives, to transfer confidential work files
• 45% of employees have used consumer sites like Dropbox and Box.net to share sensitive business information
• 30% of employees have used cloud storage services for work-related files

“Millions of employees are actively using consumer-grade tools, like personal email, social media, and file sharing sites, to move confidential work files every day,” said James Bindseil, president and CEO, Globalscape, a developer of secure information exchange solutions. “While the intent is typically harmless, these actions can have serious security and compliance ramifications.”

Employees’ reliance on consumer-grade tools to transfer files is not an isolated problem. Nearly half of all employees surveyed transfer work files through unsecured channels (remote storage, personal email, cloud storage, or consumer file-transfer sites) several times a week.

“We found that 80% of employees surveyed that use personal email to transer sensitive work files do it at least once a month,” says Bindseil. “Even scarier: nearly a third of that group knows for a fact that their personal email has been hacked at least once – yet they continue to put company information at risk.”

Who’s to Blame: Employees or IT Teams?
IT departments are struggling to create effective information-sharing policies and educate employees on the risks of using unsecured channels. According to the survey, only 47% of employees think the companies they work for have policies for sending sensitive files. Almost a third said that there were no policies in place, and 22% weren’t sure.

Policy enforcement is also lacking. Of the employees at companies that have policies for sending sensitive files, 54% still use personal email, and 62% still use remote devices.

“The information-sharing needs of today’s workforce are rapidly evolving, and most organizations are failing to keep up,” says Bindseil. “Employees need and expect instant access to information, and the ability to send and store files at the press of a button. When internal technology and tools come up short, employees will find a workaround.“

While there are many reasons that employees find alternatives to their company-provided file-transfer tools, the biggest drivers are simplicity and ease of use.

According to the survey:

• 52% said it’s more convenient to use a tool that they know well
• 33% reported that recipients have had trouble accessing files sent through the company system
• 18% said they use alternatives because the company’s tool does not offer mobile access

“Speed, simplicity, and mobile access are critical,” said Bindseil. “If enterprises have any hope of managing and securing the sensitive data leaving their organization, they need to provide solutions that easily integrate into the daily routines of their employees.”

To download full report (registration needed)