Sensitive employee and customer data is at risk from hackers at over 90% of companies.
According to the Insider Threat Index from enterprise risk vendor Reconnex, in 91% of cases US credit-card numbers had been exposed entering or leaving their network to potential hackers in July, as well as 82% of social security numbers.
The report identifies human resources departments as the main source of risk when they send personal information to payroll, health insurance or other third-party vendors. Sending Excel spreadsheets full of names, bank details and other personal information to partners potentially exposes this data to prying eyes.
Common P2P file-sharing protocols such as BitTorrent and Gnutella were detected in 80% of the companies, potentially plunging companies into copyright disputes or problems over sharing sensitive information.
"These statistics demonstrate how far the P2P phenomenon has spread to corporate networks even in the face of corporate IT departments' efforts to stop them," says Gerard M Stegmaier, an attorney at Wilson Sonsini Goodrich and Rosati.
Tougher employee controls need to be enforced, particularly to prevent employees using Webmail. Many companies now impose file size limits for emails, which employees bypass by sending large files using their personal Webmail accounts.