Imagine your organization has taken all the right steps to protect its important files and information from outside attacks. Is that enough? Firewalls, anti-virus software and priority access protocols only cover file storage. What about file sharing?
According to Ponemon’s 2013 Cost of Data Breach Study, the majority of information leaks aren’t caused by malicious or criminal attacks. Rather, about two-thirds of data breaches are actually due to system glitches and human factors. You can’t afford to let users break important information-sharing policies. The study found the average cost of a data breach in the United States is US$188 per record, which makes the average organizational cost more than $5.4 million. In addition, breaches put businesses, users and customer integrity at risk when internal information becomes public, which can lead to even bigger problems.
We’ve covered pieces of this topic before, so let’s step back and get an overview of how your employees’ file sharing may be putting your organization at risk. Then we’ll look at some steps you can take to mitigate that risk.
Use of personal accounts to share data
Five o’clock comes, and one of your employees realizes he or she will have to take some work home. The user sends an email to a personal account and attaches the internal files. To an employee, this is no big deal. The boss would be happy the employee is putting in the extra effort.
Unfortunately, this is an all-too-common occurrence. In its Dangerous File-Sharing whitepaper, Globalscape* found in the last year, 63 percent of employees had used personal email to send sensitive work documents. Of those employees, 74 percent believe their companies approve of this type of file-sharing. The truth is, using personal accounts to share internal files is dangerous; family members may have access to personal accounts—personal devices are rarely secure—and the user can then send the data to anyone without oversight.
Use of unapproved storage methods
The whitepaper also found that 63 percent of employees have used remote storage devices like USB drives and mobile phones to transfer confidential work files. Forty-five percent of employees have also used cloud applications like Dropbox and Box. Although these storage methods may work well for the employee, they have next to no security measures in place. USB drives and cell phones are easy to misplace or for someone to steal, and require few credentials to access. As for sites like Dropbox, they provide no way for users to encrypt their files before uploading them to the site.
Reliance of convenient, easy-to-use applications and sites
According to the Cisco whitepaper Data Leaks Worldwide, approximately 70 percent of IT security professionals said that unauthorized application use accounted for at least half of their organizations’ data leaks. Modern employees have grown accustomed to using their favorite applications and websites. Problems arise when these applications and sites take no security measures and employees unknowingly risk exposing corporate data through them.
The good news is that there are steps your organization can take to keep files secure against human factors. The first is education. Most employees don’t want to put the company in danger and won’t intentionally risk a security breach; they simply don’t realize the danger of their actions. It is important to take time to carefully explain to your staff the risks of using unsanctioned tools and what impact careless file sharing could have.
You should also implement technologies that give employees the ease and freedom they demand. If current processes drag on an employee’s productivity, that employee is more likely to sidestep or simply ignore your policies. Give your employees an attractive, company-approved option like Novell Filr — an on-premise offering from our sister company, Novell — which lets employees access their corporate their corporate files anywhere, on any device, but which stores data on-premises and inside your existing security.
When you keep your employees happy and productive with the technologies they want, your business is in a better position to stick to its file sharing policies and protect sensitive information.
* Good content/research is good content, no matter who publishes it … even competitors.