Making IT Management Walk the Security Talk

A recent study by Harris Research suggests that companies must educate business leaders about the risks of freemium file sync and share services.


22 July 2014

Making IT Management Walk the Security Talk

By Marc Songini and Shawn Zubin

True ironclad security must span all the way from the lowliest Droid smartphone floating in the cloud to the biggest mainframe in the company headquarters. But even if your hardware and systems have hardened hack-proof defenses, it won’t do any good if your people stray from proven security best practices.

This especially applies to the C-suite. The likelihood of information technology executives making a serious data sharing error is actually greater than most might think. So says a recent file sync and share (FSS) services survey that research firm Harris Interactive conducted among IT decision makers.

Managers Putting Trust in the Wrong FSS Places

While we’ve covered some of the Harris survey results already, we’d like to highlight the following eye-opening data points:

  • Nearly 50 percent of IT decision makers who have a title of vice president or above responded that they would share data marked "confidential"over a consumer FSS service
  • And, 54 percent of the above segment said they would share regulated content, such as financial, insurance or healthcare data, and 42 percent said they would share personal financial data, such as bank files or tax returns, over a consumer FSS
  • Only 20 percent of respondents with positions below vice president said they would share data marked "confidential" over a consumer FSS service
  • Additionally, 26 percent of respondents with titles below vice president said they would share regulated content over such an FSS system, and 13 percent said they would share personal financial data

Naturally, Harris suggests companies must educate business leaders about the risks of freemium FSS services. In this way, executives can create and exemplify an appropriate security policy, and educate their staff accordingly.

CIA Director Data Snafu

To prove the top dogs aren’t immune from error, we can cite the case of former CIA director John Deutch. He used multiple unsecured Macintosh computers to access, shall we say, some very sensitive information. A quick recap:

  • Deutch kept the data unsecured on home and CIA office Macs
  • A virus corrupted a computer, containing classified data, in Deutch’s office
  • These compromised machines were Web-connected (meaning that all of the data was vulnerable)
  • Deutch used one of these Macs for personal e-banking, and sending emails over AOL

The full CIA report is available here, if you really want all of the gory details ...

Avoid Joining the Data Breach of the Month Club

Undoubtedly, most IT managers may never make mistakes as bad as the one-time CIA leader. But that doesn’t mean the enterprise security picture is rosy, overall. And when there is a serious data breach, sometimes the execs will take the blame, even if it wasn’t their direct fault. For a cautionary tale, we have only to look to Target, whose CIO and CEO both opted to fall on their own swords after a massive credit card data snafu.

Better to address soft spots in process and technology up front. Perhaps you’d like to harden your file sharing protocols now, before an error is made? If so, may we recommend a recent blog? It’s by security expert Graham Cluley and titled: “Sharing Secret Files More Safely: Some Questions to Ask Yourself.”



Marc Songini

Marc Songini

Marc Songini has worked in the information technology field for more than 16 years. His roles have included those of journalist, analyst, and marketing communications specialist. He admits that when he started out as a cub high tech reporter, Netscape was still rocking the industry with a wondrous new user interface called a “browser.” During his 10 years with International Data Group (IDG), Marc wrote for NetworkWorld and Computerworld, both award-winning magazines. Marc specializes in cloud, enterprise apps, and figuring out the meaning of being human in an automated world.