The Insecure File Sharing Habits of Employees
Forget about hackers. The real threat to your clients’ data (and their business) is their own internal employees – and not because of any malice on their part, but rather the way in which they send sensitive information without the use of a business-grade file sharing solution.
From this one problem come all sorts of risks – risks that were outlined brilliantly by Stephen Hess in a recent article on computerweekly.com. As the director of product management for Ipswitch File Transfer, Stephen has seen almost every potential file-sharing risk become a file-sharing nightmare. We wanted to take a closer look at a few of these risks in particular, so that MSPs like you can effectively communicate them to clients who insist on using consumer-grade services. Let’s dive in:
Insecure methods are still being used to send confidential files – Employees are circumventing IT protocols and turning to unsanctioned tools such as file-sharing, messaging, collaboration and social media tools in record numbers. This has resulted in a lack of visibility and control for IT departments, exposing organizations to security and compliance risks. Both the means by which users can share information, and the sheer volume of data changing hands between individuals and between businesses, has skyrocketed.
Stephen makes a point that’s worth repeating here: The amount of data transferred on a regular basis has not simply grown, it’s skyrocketed. If it had stayed flat, one could possibly argue that consumer-grade tools could still get the job done. They cannot, if for no other reason than security and (the big one) compliance. With so much critical data on the move, businesses need the ability to quickly identify “who received what and when” else they are setting themselves up for a major headache or possibly even a major fine.
Many employees choose to attach private company documents and data to personal email – Recent surveys have shown that a vast majority (84 percent) of business users send classified or confidential information via corporate email attachments. Of those, 72 percent do so weekly and 52 percent daily. IT managers have limited control because users are sending a clear message with their file-sharing habits. They cannot afford delays or slowdowns associated with jumping through perceived hoops to send out information and files that keep business humming.
These are stats that have to drive an MSP crazy. Essentially, it means that the majority of files are sent via insecure means – and we all know why: Email is convenient, whereas some business-grade solutions are not always easy-to-use. Thus, when highlighting features, MSPs would be wise to focus on the usability of the solution and how it can easily become part of the everyday process for employees.
Risk of data loss and theft remains high without greater control and management – When business users are not turning to personal email accounts or free file-sharing services, they are often sticking files on USB thumb drives, smartphones or other external devices. Unfortunately, recent surveys show that almost one-third have lost a USB device, smartphone or other external device containing business or personal information in the past – a tremendous risk for any organization.
Businesses tend to forget about the physical forms of data loss like this. USB sticks might seem like an outdated way to share files, but it’s a method still being employed with alarming regularity.
These are just a few of the risks that come with sending, storing and sharing files via insecure means. With your help – and with the help of a true, business-grade file sharing solution – we can start to make these risks a thing of the past.
What other risks have you encountered when it comes to employees and their use of file sharing methods? Be sure to let us know in the comments section below.
About Martin Horan
Founder of FTP Today and an expert in secure file transfer and Internet protocols. A software and IT geek since a young age, Martin has successfully led his companies through the digital age by spotting market niches and filling them with quality IT services.