IT pros turn a blind eye to file sharing practices, report says

A recent report from Ponemon Institute shines light on the lack of oversight IT security leaders have over the file sharing practices within their own company.

Based on a survey sponsored by Intralinks and administered to 1,100 IT professionals across three countries, half of these IT leaders admitted they engaged in fundamentally poor behavior, and have failed to set up corporate policies or assign accountability for data loss.

These actions opened businesses to data loss, breaches and regulatory non-compliance punishments.

"The use of commercial-grade file sharing applications is putting sensitive and confidential company information at great risk. To address the threat, companies need to put in place policies and procedures for the appropriate use of these applications. Management often turns a blind eye to the risks because these applications often make employees more productive. However, they achieve greater productivity at the expense of a potential data breach," said Larry Ponemon, Chairman & Founder, Ponemon Institute.

Sixty-one percent of respondents confessed that they have "often or frequently" shared files through unencrypted email accounts, failed to delete confidential documents as required by policies, accidentally forwarded files or documents to unauthorized individuals, or used personal file-sharing/file sync-and-share apps in the workplace.

According to the report, "Data leakage and loss from negligent file sharing and information collaboration practices is becoming just as significant a risk as data theft. Being able to securely share valuable corporate data is a critical requirement for all organizations, but especially regulated companies like financial services and life sciences firms. Many companies have few provisions in place process, governance, and technology to adequately protect data."

The survey results must make regulators just shake their heads. One head scratcher is that 70 percent of respondents say their organization has not conducted an audit or assessment to determine if document and file-sharing activities are in compliance with laws and regulations.

Other bad news includes:

  • A clear policy for the adoption and use of cloud-based file sharing/file sync-and-share applications (48 percent).
  • Clear visibility into the file sharing/file sync and share applications used by employees at work (49 percent).
  • The ability to manage and control user access to sensitive documents and how they are shared (50 percent).
  • Educates individuals annually of the risks of data loss and data theft (56 percent).

Without a clear company policy, the survey found that many employees sent unencrypted emails, did not delete confidential documents, forwarded files to unauthorized people as well as used personal file sharing apps at work.

In an age when having your personal device always on gains a competitive edge, it seems that advantage also creates holes in the network. The survey found that information sharing and collaborating is more pervasive than ever due to increased employee mobility, changing work patterns and BYOD.

The report goes on to say "File sync-and-share applications are popular because of their ability to make individuals more productive. Employees' ability to work across groups and with partners, suppliers and customers in real-time can be a competitive advantage for organizations. However, the benefits created need to be supported by security policies and enabling technologies."

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationssecuritydata breachPonemon Institutesoftwaredata protection

More about Intralinks

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by CSO staff

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts