IT pros turn a blind eye to file sharing practices, report says

A recent report from Ponemon Institute shines light on the lack of oversight IT security leaders have over the file sharing practices within their own company.

Based on a survey sponsored by Intralinks and administered to 1,100 IT professionals across three countries, half of these IT leaders admitted they engaged in fundamentally poor behavior, and have failed to set up corporate policies or assign accountability for data loss.

These actions opened businesses to data loss, breaches and regulatory non-compliance punishments.

“The use of commercial-grade file sharing applications is putting sensitive and confidential company information at great risk. To address the threat, companies need to put in place policies and procedures for the appropriate use of these applications. Management often turns a blind eye to the risks because these applications often make employees more productive. However, they achieve greater productivity at the expense of a potential data breach,” said Larry Ponemon, Chairman & Founder, Ponemon Institute.

Sixty-one percent of respondents confessed that they have “often or frequently” shared files through unencrypted email accounts, failed to delete confidential documents as required by policies, accidentally forwarded files or documents to unauthorized individuals, or used personal file-sharing/file sync-and-share apps in the workplace.

According to the report, “Data leakage and loss from negligent file sharing and information collaboration practices is becoming just as significant a risk as data theft. Being able to securely share valuable corporate data is a critical requirement for all organizations, but especially regulated companies like financial services and life sciences firms. Many companies have few provisions in place – process, governance, and technology – to adequately protect data.”

The survey results must make regulators just shake their heads. One head scratcher is that 70 percent of respondents say their organization has not conducted an audit or assessment to determine if document and file-sharing activities are in compliance with laws and regulations.

Other bad news includes:

• A clear policy for the adoption and use of cloud-based file sharing/file sync-and-share applications (48 percent).
• Clear visibility into the file sharing/file sync and share applications used by employees at work (49 percent).
• The ability to manage and control user access to sensitive documents and how they are shared (50 percent).
• Educates individuals annually of the risks of data loss and data theft (56 percent).

Without a clear company policy, the survey found that many employees sent unencrypted emails, did not delete confidential documents, forwarded files to unauthorized people as well as used personal file sharing apps at work.

In an age when having your personal device always on gains a competitive edge, it seems that advantage also creates holes in the network. The survey found that information sharing and collaborating is more pervasive than ever due to increased employee mobility, changing work patterns and BYOD.

The report goes on to say “File sync-and-share applications are popular because of their ability to make individuals more productive. Employees’ ability to work across groups and with partners, suppliers and customers in real-time can be a competitive advantage for organizations. However, the benefits created need to be supported by security policies and enabling technologies.”