Employee file sharing practices put corporate data at risk, study finds

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.scmagazine.com//employee-file-sharing-practices-put-corporate-data-at-risk-study-finds/article/333607/

Dangerous file sharing practices put sensitive corporate data at risk -
that is the focus of the latest report from Globalscape, a software company
that surveyed more than 500 corporate employees.

Some of the bigger findings in the study revealed that 63 percent of
employees use remote storage devices to transfer confidential work files,
45 percent of employees use consumer sites such as DropBox, and 30 percent
of employees use cloud storage services.

"The most interesting finding is the sheer amount of employees that are
regularly bypassing their internal solutions for consumer tools," James
Bindseil, CEO with Globalscape, told SCMagazine in an email correspondence.
"Most organizations have infrastructure in places that enable employees to
securely transfer information."

Another finding is that more than 60 percent of employees use personal
email addresses to transfer work data, a problem that is compounded by the
fact that more than 50 percent of staffers admitted to using the same
password across multiple accounts.

"When employees are careless with sensitive data, the risk for a security
breach increases," Bindseil said. "It's also a major compliance issue. When
employees send sensitive information through personal email, or load data
to a personal device, IT loses control and visibility, the audit trail
disappears, and it becomes almost impossible for an organization to prove
compliance."

A lack of training, communication and enforcement of IT policies could be
leading to risky employee behaviors, according to the study, which revealed
that only 47 percent of employees surveyed are aware of a company policy
for sending sensitive files. Meanwhile, 30 percent of staffers said their
companies do not have policies and 22 percent said they are unsure.

"Employees need to understand that the tools they use to send files and
data in their personal lives aren't acceptable in the workplace," Bindseil
said. "If enterprises want to have any hope of managing and securing the
sensitive data leaving their organizations, they also need to provide
solutions that easily integrate into the daily routines of their employees."

Bindseil recommended sending and receiving all sensitive files and data
through a secure and managed file transfer solution, which will give the IT
department visibility into who is accessing the information and how it is
being accessed.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!