Sixty-one percent have shared files through unencrypted email accounts A recent report from Ponemon Institute shines light on the lack of oversight IT security leaders have over the file sharing practices within their own company.Based on a survey sponsored by Intralinks and administered to 1,100 IT professionals across three countries, half of these IT leaders admitted they engaged in fundamentally poor behavior, and have failed to set up corporate policies or assign accountability for data loss.These actions opened businesses to data loss, breaches and regulatory non-compliance punishments.“The use of commercial-grade file sharing applications is putting sensitive and confidential company information at great risk. To address the threat, companies need to put in place policies and procedures for the appropriate use of these applications. Management often turns a blind eye to the risks because these applications often make employees more productive. However, they achieve greater productivity at the expense of a potential data breach,” said Larry Ponemon, Chairman & Founder, Ponemon Institute. Sixty-one percent of respondents confessed that they have “often or frequently” shared files through unencrypted email accounts, failed to delete confidential documents as required by policies, accidentally forwarded files or documents to unauthorized individuals, or used personal file-sharing/file sync-and-share apps in the workplace.According to the report, “Data leakage and loss from negligent file sharing and information collaboration practices is becoming just as significant a risk as data theft. Being able to securely share valuable corporate data is a critical requirement for all organizations, but especially regulated companies like financial services and life sciences firms. Many companies have few provisions in place – process, governance, and technology – to adequately protect data.” The survey results must make regulators just shake their heads. One head scratcher is that 70 percent of respondents say their organization has not conducted an audit or assessment to determine if document and file-sharing activities are in compliance with laws and regulations.Other bad news includes:A clear policy for the adoption and use of cloud-based file sharing/file sync-and-share applications (48 percent).Clear visibility into the file sharing/file sync and share applications used by employees at work (49 percent).The ability to manage and control user access to sensitive documents and how they are shared (50 percent).Educates individuals annually of the risks of data loss and data theft (56 percent).Without a clear company policy, the survey found that many employees sent unencrypted emails, did not delete confidential documents, forwarded files to unauthorized people as well as used personal file sharing apps at work.In an age when having your personal device always on gains a competitive edge, it seems that advantage also creates holes in the network. The survey found that information sharing and collaborating is more pervasive than ever due to increased employee mobility, changing work patterns and BYOD.The report goes on to say “File sync-and-share applications are popular because of their ability to make individuals more productive. Employees’ ability to work across groups and with partners, suppliers and customers in real-time can be a competitive advantage for organizations. However, the benefits created need to be supported by security policies and enabling technologies.” Related content news analysis Water system attacks spark calls for cybersecurity regulation The Iranian CyberAv3ngers group’s simplistic exploitation of Unitronics PLCs highlights the cybersecurity weaknesses in US water utilities, the need to get devices disconnected from the internet, and renewed interest in regulation. By Cynthia Brumfield Dec 11, 2023 11 mins Regulation Cyberattacks Critical Infrastructure feature Accenture takes an industrialized approach to safeguarding its cloud controls Security was once a hindrance for Accenture developers. But since centralizing the company's compliance controls, the process has never been simpler. By Aimee Chanthadavong Dec 11, 2023 8 mins Application Security Cloud Security Compliance news analysis LogoFAIL attack can inject malware in the firmware of many computers Researchers have shown how attackers can deliver malicious code into the UEFI of many PCs though BIOS splash screen graphics. By Lucian Constantin Dec 08, 2023 8 mins Malware Vulnerabilities news Google expands minimum security guidelines for third-party vendors Google's updated Minimum Viable Secure Product (MVSP) program offers advice for working with researchers and warns against vendors charging extra for basic security features. By John P. Mello Jr. Dec 08, 2023 4 mins Application Security Supply Chain Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe