9 Steps to Stop Risky File Sharing
Ungoverned file sharing presents significant data security risks. Here are nine steps you should consider to enable a secure, collaborative environment.
12 November 2014
File sharing applications are popular in almost all organizations. That’s because they allow individuals to easily pass along information and collaborate, both internally, and externally with their partners and customers. The problem, however, is that in many cases, employees are using these tools without the information technology department’s knowledge or approval, a new report says.
Titled “Breaking Bad: The Risk of Unsecure File Sharing,” the report from Intralinks (conducted with the Ponemon Institute) examined the threats of unsecure employee file sharing. It turns out, employees use these unsafe apps either because they are unaware of the risks; or IT approval processes are too slow. Either way, it’s risking data security in the process.
More than Half Break Security Rules
The report indicates that more than 60 percent of respondents have often or frequently made the following mistakes:
- Used personal file sharing or file sync and share (FSS) applications in the workplace
- Sent unencrypted emails
- Failed to delete confidential documents, as required by company policies
- Accidentally sent files to unauthorized parties
Organizations Ignoring Risks
So how are organizations coping with the risks of ungoverned file sharing? Well, the research shows that organizations are not responding to the threats appropriately. In some cases, they’re ignoring them completely – putting their data and brand reputation at risk.
The survey polled more than 1,000 IT security professionals from the United States, United Kingdom and Germany; most of the respondents were at the supervisor level or above and had strong knowledge of their company’s information security, data privacy and file sharing procedures. The findings revealed that IT teams are having trouble managing the gaps in information security due to the expanded use of FSS apps. Consider this:
- About half of respondents are unsure or disagree that their organizations have governance and security practices in place
- Fifty-four percent say the organization’s IT department is involved in the adoption of new technologies for end users
- Only 49 percent feel that they can see employees’ file sharing applications
- A mere 9 percent of respondents say their organization is ISO 27001 compliant
- Just half feel that they can manage and control how users access and share sensitive documents
- Forty-eight percent feel that they have a clear policy for the adoption and use of cloud-based FSS applications
- Only 56 percent sufficiently educate their employees annually on the risks of data loss and data theft
- Seventy percent say their organizations haven’t conducted audits or assessments to see if document and file-sharing activities are legally compliant
What IT Departments Should Do
This research shows that many companies have few provisions in place (such as process, governance, and technology) to protect data. And still, organizations frequently continue to share sensitive information.
To enable a secure, collaborative information-sharing environment, organizations should consider taking these nine steps:
- Recognize that employees are already using unsanctioned and unmanaged file sharing solutions — thus putting sensitive business information at risk
- Realize that employees may not adopt or leverage IT-approved secure file sharing or cloud tools
- Improve official IT visibility by empowering security teams and other experts with complete authority over file sharing tools
- Roll out alternative adoptable collaboration tools that meet security, governance, and regulatory compliance requirements
- Deploy Information Rights Management (IRM) technology
- Implement identity and access management tools to manage and control access to sensitive data
- Create a clear security policy for cloud or file sharing services — and enforce it
- Frequently train employees about the risks of ungoverned file sharing and collaboration
- Regularly conduct audits and assessments to confirm that file sharing practices are compliant
To prevent data leakage through unsafe sharing, organizations must fully understand how information is being shared. Then IT should take steps to protect data wherever it’s stored or travel — inside the network and beyond the firewall.
If you’d like to learn more about how ungoverned file sharing by employees puts the organization at risk, we’d like to offer you a free copy of the report “Breaking Bad: The Risk of Unsecure File Sharing.”