Breaking Bad: The Risk of Unsecure File Sharing
Ponemon Institute and Intralinks unveiled research into the security threats of unsecure file sharing by employees and how organizations are reacting.
3 November 2014
We all know that threats such as malware or physical theft can cause data leakage, but just as significant of a threat to the enterprise is unsafe file sharing.
Today we unveiled new research into the security threats caused by unsecure file sharing practices by employees and how organizations are reacting to this risk.
We surveyed more than 1,000 IT security professionals from the United States, United Kingdom and Germany. Most of the respondents were at the supervisor level or above, with a strong understanding of their organization’s information security, data privacy and file sharing procedures.
Our report, “Breaking Bad: The Risk of Unsecure File Sharing” reveals that ungoverned file sharing presents a serious security threat to enterprise. Furthermore, we learned that organizations are having trouble managing the unsanctioned use of file sharing by employees, and struggle to establish and enforce effective policies to prevent data leakage.
Consumer-grade cloud file sharing or file sync and share applications (such as Dropbox) are popular with employees because they allow them to finish work quickly, from anywhere, and on any device. Our research confirmed that employees often violate company IT or security policies to get work done faster. Additionally, our research discovered that the use of these applications often leaves holes in document and file level security, mainly due to their expanded, uncontrolled use beyond the firewall.
Unsafe file sharing makes organizations extremely vulnerable to data loss and non-compliance – and it starts from the top down. Based on our research, it’s clear that the enterprise IT department has lost control of company data.
As our infographic shows, when survey respondents were asked about the safety of their organizations’ file sharing approaches, data revealed:
- Sixty-two percent of file sharing processes, procedures and technologies are not safe
- Sixty-three percent of organizational approaches to file sharing among peers are not safe
- Sixty-one percent of personal approaches to file sharing are not safe
- Sixty-five percent of employees’ and colleagues’ approaches to file sharing are not safe
Even more alarming, respondents confessed to unsafe, unsecure, and unsanctioned file sharing practices:
- Thirty-two percent said more than half of employees regularly share files outside the company firewall
- Approximately 60 percent of employees have often or frequently either used personal file sharing applications at work, sent unencrypted emails, failed to delete confidential documents as required, or accidently forwarded files to unauthorized individuals
- More than 26 percent of file sharing applications are being used by various business functions without the IT department’s approval or knowledge
- Sixty-four percent say that their organization is in the dark about whether or not file sharing activities are in compliance
And lastly, key findings from our research confirmed that organizations are indeed vulnerable to data loss and non-compliance:
- Forty-eight percent are unsure or do not agree that they have a clear security policy around cloud-based file sharing or file sync and share applications
- Forty-nine percent are unsure or do not agree that they have clear visibility into employees’ use of file sharing or file sync and share applications at work
- Fifty percent are unsure or do not agree that they have the ability to manage and control user access to sensitive documents and how they are shared
- Fifty-six percent are unsure or do not agree that they sufficiently educate individuals annually on the risks of data loss and data theft
Senior leaders at organizations need to provide secure solutions to reduce the risk of unsecure file sharing by employees, create and enforce security polices, and regularly educate employees on these risks.
If you’d like to learn more about the risks of unsafe file sharing practices, you can download a complimentary copy of our report, “Breaking Bad: The Risk of Unsecure File Sharing” today. You can also reshare our infographic using the embed code below.
Dr. Larry Ponemon
Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research “think tank” dedicated to advancing privacy, data protection and information security practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework. Security Magazine has named Dr. Ponemon as one of the “Most Influential People for Security.”