Firms at serious risk of data loss through file sharing, study shows

Businesses are at serious risk of data loss and compliance violations due to risky file-sharing practices, a study has shown

Businesses are at serious risk of data loss and compliance violations due to risky file-sharing practices, a study by the Ponemon Institute has revealed.

Business leaders are failing to respond to the escalating risk of ungoverned file sharing and regular breaches of security policies by staff, according to the study commissioned by Intralinks.

Almost half of the more than 1,000 information security professionals polled in the UK, Germany and US believe their company lacks clear visibility of staff-use file-sharing or file sync-and-share applications.

Just over half said they did not believe their organisations have the ability to manage and control user access to sensitive documents and how they are shared, according to the study report.

While the study showed most organisations have policies governing the use of file sharing, policies are not being communicated to employees effectively.

Only 54% respondents said their IT department is involved in the adoption of new technologies for users, including cloud-based services.

The research also showed employees are acting badly when it comes to data sharing and collaboration, routinely violating IT policy to get things done faster.

Six in 10 respondents also admitted they had often or frequently accidentally forwarded files to individuals not authorised to see them, used their personal file-sharing or file sync-and-share apps in the workplace, shared files through unencrypted email, or failed to delete confidential documents or files as required by security policies.

However, survey respondents indicated a lack of senior-level accountability in their organisations for developing and implementing file-sharing policies.

Of senior level respondents, 44% did not believe they had the ability to manage and control user access to sensitive documents and how they are shared.

Chairman of the Ponemon Institute Larry Ponemon said data leakage and loss from negligent file sharing is now just as much a risk as data theft.

“While most companies take steps to protect themselves from hacking and other malicious activities, this report shows these same organisations are entirely unprepared to guard against risky and ungoverned file sharing using consumer-grade applications like Dropbox,” he said.

Ponemon described the study’s findings as shocking and said they identify the holes in document and file-level security mainly caused by their expanded use beyond the corporate firewall.

“The goal of senior leadership should be to provide appropriate, secure systems and enforce policies to reduce the risk created by employees behaving badly,” he said.

Organisations struggling to enforce effective security policies

The research showed file sharing poses a major threat to enterprise security, and senior managers at organisations are having difficulty setting and enforcing effective policies to safeguard against data leakage.

According to the report, enterprise IT departments have lost control of user application decision-making, as well as company data.

CIOs need to regain control of data, and to do that they need tools designed for the enterprise with security and compliance in mind

Daren Glenister, Intralinks

The report concludes many organisations are vulnerable to both data loss and non-compliance due to cloud file sharing and improper file-sharing practices.

This vulnerability is heightened for regulated industries like financial services, where the risks and repercussions of data loss are more severe, the report said.

Intralinks chief technology officer Daren Glenister said the negative effects of consumer-grade file sharing and collaboration platforms on the enterprise are clear.

“CIOs need to regain control of data, and to do that they need tools designed for the enterprise with security and compliance in mind, but without sacrificing ease-of-use,” he said.

According to Glenister, shadow IT is a powerful force CIOs need help in countering if they are to ensure the security and compliance of critical data.

In comparing the three countries polled, German respondents achieved a higher effectiveness rating in stopping the misuse of file-sharing tools than respondents in the UK and US.

The extrapolated average rating for German respondents on a 10-point effectiveness scale is 6.08. In contrast, UK respondents had an average rating of 5.44 – which is below the mean of 5.5.

German respondents also said their companies achieve a higher of level of safety than UK and US companies with respect to file sharing.

Further, the extrapolated average rating for German respondents on a 10-point safety scale is 6.22. In contrast, UK respondents had an average rating of 5.24 – which is below the mean of 5.5.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Privacy and data protection

Join the conversation

4 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

This has always been an issue. I do not see it going away soon due to the fact people are people. Unless they are held accountable for their actions they tend to be a little less focused and lazy and that can cause problems down the road. Maybe if the files being shared were encrypted and password protected then only those authorized would have access.
Cancel
I agree ToddN2000--and I think it just helps to build the case for an on-prem file sync and share system or an IT-managed commercial service that has sufficient enterprise-class controls. And, yes, companies have to start enforcing their own rules, too--but a full-featured internally managed FSS would go a long way toward discouraging "shadow" app use.
Cancel
It's just not file sharing ,data loss will always have some risks. In order for your employees to do their jobs some need greater access to the data. In this case if comes down to trust. Can you be assured that they do not load data to removable media and take it out the front door ? If you have happy employees yo may have no issue. It's the angry disgruntled worker I'd be afraid of.
Cancel
You can do all sorts of things to button down systems including disabling USB ports, etc.--and it's true that no matter what you do there will likely be some data leakage. But an in-house FSS system can help lessen the likelihood of data loss (or losing track of data). Along with that, a clear and well-communicated company policy re data handling responsibilities will also go a long way toward control data misuse--that is, as long as it's enforced.
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close