File sharing applications are popular among employees as they enable them to share information with colleagues, partners, customers and suppliers in real time while on the go, wherever they have access to an internet connection.
While this is clearly advantageous for businesses, it can also be very detrimental if the process is not strictly governed by clear policies that everyone understands and adheres to.
This is because such systems pose a security threat to corporate data when, for example, employees share documents with people not authorised to see them, send sensitive information in an unencrypted format, or fail to have strong password security on their personal devices to protect corporate data in the event that one of their devices is lost or stolen.
So how much of a risk of data loss is created by the use of these unsecured file sharing apps? Well, according to a large-scale international security survey published late last year, the risk is enormous, and it is happening all the time.
Breaking Bad: The Risk of Unsecure File Sharing [1], a survey conducted by the Ponemon Institute, published in October 2014, questioned over 1,000 IT and IT security practitioners in the US, UK and Germany, the majority of whom had expertise and understanding of their organisation’s use of file-sharing solutions and overall information security and data privacy policies and strategies.
Somewhat alarmingly, the survey found that not only is the practice of using personal file sharing apps widespread in the workplace, but less than half of all those surveyed (48 percent) said their organisation had a clear policy for the adoption and use of cloud-based file sharing applications.
Given the potential consequences of a data breach, such as loss of reputation, falling foul of laws and regulations and being exposed to potentially financially ruinous litigation, organisations are not responding to this risk in the appropriate manner or giving it the full attention it clearly merits.
An incredible 70 percent of respondents admitted their organisation had not conducted an audit or assessment to determine if their document and file-sharing activities were in compliance with their country’s laws and regulations, whilst only 9 percent said their organisation was compliant with ISO 27000, which is the international standard for process-based security.
It seems strange that organisations would spend so much time and money trying to safeguard their networks from malicious threats, yet pay so little attention to preventing data loss at the hands of their own employees, given that the consequences can be equally dire.
So what needs to be done to address this?
- Firstly, organisations must have clear policies in place around the use of these applications and conduct regular monitoring and audits to ensure these policies are being adhered to.
- Employees must also be made aware of these rules (and aware of the risks of flouting them) through training sessions, so that the “I didn’t know” defence of using such apps is taken out of the equation.
- IT security practitioners also need to assume total control and responsibility for securing file-sharing activities and have full visibility of which apps are being used on their network.
Only by following these steps and returning this responsibility and visibility to those with the necessary expertise can companies feel safe that they will not be left exposed by inadequate data management practices.
To find out more about how Iron Mountain can assist you in putting in place secure information management practices, please visit www.ironmtn.com.au
[1] Independently conducted by Ponemon Institute LLC, Breaking Bad: The Risk of Unsecure File Sharing, sponsored by Intralinks, October 2014.