In the wake of an alleged iCloud hack that has leaked hundreds of nude celebrity photos, James Bindseil, CEO of security and file sharing specialist Globalscape, says consumer file sharing solutions pose a major threat to enterprise security.
In this blog piece for PCR, Bindseil highlights the importance of safe file sharing amongst the business community, while analysing the threats posed by failing to secure key access points.
The IT security industry has seen dramatic growth in recent years. As businesses move technologies into the cloud and adapt to an increasingly mobile workforce, IT threats have naturally grown. For enterprise IT leaders, security can no longer just be an afterthought. The cost of neglecting security is a constant reminder, as we continue to see high-profile data breaches regularly.
Much attention has been given to cybercriminals who wish to gain access to corporate data. However, according to the Ponemon Institute, more than a third of all data breaches are caused internally, and they are frequently the result of employees mishandling sensitive data. Worryingly, according to an Ernst & Young survey, only 17 percent of employees believe that their security practices meet the business needs of the company.
The growth of the mobile workforce, coupled with the lack of approved, user-friendly file sharing tools, has led employees to use risky means to easily distribute files. The use of public cloud consumer sharing solutions is common and easy but can be insecure and often a nightmare to an internal IT team. When files leave the safety of business' managed infrastructure, they are very difficult to track, and if that data lands in the wrong hands, it can result in a data breach.
Dangerous file sharing habits threaten enterprise security
With so many data breaches being caused internally, and often by dangerous file sharing, it is likely that you may have also fallen into one of these traps: sending emails across unsecured networks, using unencrypted mobile devices, and/or using public cloud platforms to share corporate data.
Consumer-grade file sharing services
Consumer file sharing solutions without enterprise-level audit and control, like Dropbox and iCloud, pose a major threat to enterprise security. Our research has shown that a staggering 45 per cent of employees have used consumer sites for sharing confidential corporate information.
Cybercriminals are increasingly aware of the sensitive corporate data shared through these services every day. It is essential for IT teams to ensure that their employees use a managed file sharing solution, with a higher level of security.
It is imperative that businesses retain control of their data. When files move externally, IT departments lose control of the data allowing it to end up in potentially malicious hands. Furthermore, they run the risk of bringing their organisation out of compliance with the Data Protection Act.
Enabling safe file sharing is an essential IT best practice and it is relatively easy to implement with secure managed file transfer solutions.
Email has become the method of communication in the business world. However, its inherent benefits that make it an effective business tool—a fast and easy means to communicate—pose a risk to enterprise security. Using a personal email address to send corporate data is one of the most dangerous ways to share files, yet in a recent Globalscape survey, 63 percent of respondents have done just this.
Surprisingly, 74 percent of those employees believe that their companies approve of their method of sharing files. Personal email accounts are typically supported on public networks and can be made even less secure by the users’ choice of passwords and security questions, making them an appealing target for cybercriminals.
USB drives are being used less frequently today; however, they still pose a clear threat when employees choose to store confidential information on unencrypted devices. A Globalscape survey found that 63 per cent of respondents have used remote storage devices like USBs to carry confidential files. This is especially concerning as the majority of these personal devices will be unencrypted; therefore, the potential number of people with the ability to access the data is far greater.
While many organisations have chosen to ban the use of non-approved USB devices, these policies seem to have had little effect on employees.
About the author
James L. Bindseil is the President and CEO of Globalscape and serves on its board of directors.