The Riskiest File Sharing Technologies
Employees need file sharing tools that enable productivity and facilitate communication. However, when ungoverned, these same applications risk data loss.
22 November 2014
Many information technology and information security execs are not confident that they can manage risky file sharing practices by employees.
In fact, 49 percent do not believe (or are unsure if) they have clear visibility into their organization’s use of file sharing or file sync and share (FSS) applications, says research by the Ponemon Institute.
The most risky file sharing practices happen regularly in the business world, with employees repeatedly putting their company’s intellectual property at risk through negligent file sharing. The Ponemon Institute says that the following practices occur frequently or often in most organizations:
- Sixty-two percent have used their personal file sharing or FSS apps in the workplace
- Sixty-four percent said their organizations are in the dark about whether or not file sharing activities are in compliance
- Forty-six percent say more than 26 percent of applications are being used by various business groups without the IT department’s approval or knowledge
- Sixty percent have received documents not intended for them, and 62 percent have accidentally sent documents to unauthorized parties
- Sixty-one percent have ignored policies and did not delete confidential information
Is Your Information at Risk?
To get work done quickly, employees need file sharing tools that enable productivity and facilitate communication. However, when left unmanaged by corporate IT, these same applications present the risk of immense data loss to the organization. In the Ponemon survey, respondents were asked to rank the level of risk that specific file sharing tools posed to their companies. Not surprisingly, the two riskiest technologies are unencrypted email and cloud file sharing solutions. Based on the findings, it appears the FSS applications have been deployed as widely as email.
How to Stop Bad Behavior
Without the proper security and controls in place, organizations may be vulnerable to information loss and noncompliance. To prevent bad file sharing behavior in your organization, consider these five steps:
- Understand why employees do not adopt or leverage approved tools and confirm what applications, capabilities, or features are needed.
- Empower your IT and security teams to have stronger visibility and authority over file sharing tools, and conduct audits and assessments regularly to verify that all file sharing practices are compliant.
- Deploy enterprise file sharing collaboration tools that users can adopt comfortably and that meet security, governance, and regulatory compliance requirements.
- Implement identity and access management tools to effectively control information; embed Information Rights Management (IRM) on all sensitive documents.
- Build a clear and enforceable information security policy that includes cloud and file sharing services. To ensure your employees understand and follow the policy, train them regularly about the risks of ungoverned file sharing and collaboration.
More and more information will continue to be shared outside of the organization. Having little or no process control, weak information security, and unenforced policies for governance over how information is shared opens your company to data loss and non-compliance.
It’s time for information security leaders to respond to the risks of ungoverned file sharing and take the right steps to prevent it.
Meagan Parrish is the Senior Manager of Social Media at Intralinks. She is responsible for social media strategy development and the communications for Intralinks' online communities. Meagan has been creating social media strategies for a variety of companies across verticals for the past several years. She holds Bachelor degrees in Marketing and Finance, with a minor in English Literature.