Sixty-one percent have shared files through unencrypted email accounts A recent report from Ponemon Institute shines light on the lack of oversight IT security leaders have over the file sharing practices within their own company.Based on a survey sponsored by Intralinks and administered to 1,100 IT professionals across three countries, half of these IT leaders admitted they engaged in fundamentally poor behavior, and have failed to set up corporate policies or assign accountability for data loss.These actions opened businesses to data loss, breaches and regulatory non-compliance punishments.“The use of commercial-grade file sharing applications is putting sensitive and confidential company information at great risk. To address the threat, companies need to put in place policies and procedures for the appropriate use of these applications. Management often turns a blind eye to the risks because these applications often make employees more productive. However, they achieve greater productivity at the expense of a potential data breach,” said Larry Ponemon, Chairman & Founder, Ponemon Institute. Sixty-one percent of respondents confessed that they have “often or frequently” shared files through unencrypted email accounts, failed to delete confidential documents as required by policies, accidentally forwarded files or documents to unauthorized individuals, or used personal file-sharing/file sync-and-share apps in the workplace.According to the report, “Data leakage and loss from negligent file sharing and information collaboration practices is becoming just as significant a risk as data theft. Being able to securely share valuable corporate data is a critical requirement for all organizations, but especially regulated companies like financial services and life sciences firms. Many companies have few provisions in place – process, governance, and technology – to adequately protect data.” The survey results must make regulators just shake their heads. One head scratcher is that 70 percent of respondents say their organization has not conducted an audit or assessment to determine if document and file-sharing activities are in compliance with laws and regulations.Other bad news includes:A clear policy for the adoption and use of cloud-based file sharing/file sync-and-share applications (48 percent).Clear visibility into the file sharing/file sync and share applications used by employees at work (49 percent).The ability to manage and control user access to sensitive documents and how they are shared (50 percent).Educates individuals annually of the risks of data loss and data theft (56 percent).Without a clear company policy, the survey found that many employees sent unencrypted emails, did not delete confidential documents, forwarded files to unauthorized people as well as used personal file sharing apps at work.In an age when having your personal device always on gains a competitive edge, it seems that advantage also creates holes in the network. The survey found that information sharing and collaborating is more pervasive than ever due to increased employee mobility, changing work patterns and BYOD.The report goes on to say “File sync-and-share applications are popular because of their ability to make individuals more productive. Employees’ ability to work across groups and with partners, suppliers and customers in real-time can be a competitive advantage for organizations. However, the benefits created need to be supported by security policies and enabling technologies.” Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe