Personal email could be 2014’s biggest threat to corporate data. A new survey of more than 500 professionals released by GlobalSCAPE Inc. found that in the past 12 months, 63 percent of employees have used personal email to send sensitive work documents. Perhaps more surprisingly, 74 percent of those employees believe that their companies approve of this type of file-sharing behavior.
Using personal email to send sensitive business files creates a major security and compliance risk to corporations. Last month, millions of Gmail and Yahoo accounts were breached.
The threat of consumer-grade file transfer methods extends far beyond employees’ use of personal email. In the past 12 months:
- 63 percent of employees have used remote storage devices, such as USB drives, to transfer confidential work files;
- 45 percent of employees have used consumer sites such as Dropbox and Box.net to share sensitive business information; and
- 30 percent of employees have used cloud storage services for work-related files.
“Millions of employees are actively using consumer-grade tools, like personal email, social media and file-sharing sites, to move confidential work files every day,” said James Bindseil, president and CEO of Globalscape, a developer of secure information exchange solutions. “While the intent is typically harmless, these actions can have serious security and compliance ramifications.”
Employees’ reliance on consumer-grade tools to transfer files is not an isolated problem. Nearly half of all employees surveyed transfer work files through unsecured channels (remote storage, personal email, cloud storage, or consumer file-transfer sites) several times a week.
“We found that 80 percent of employees surveyed that use personal email to transfer sensitive work files do it at least once a month,” Bindseil said. “Even scarier: Nearly a third of that group knows for a fact that their personal email has been hacked at least once, yet they continue to put company information at risk.”
Who’s to Blame: Employees or IT Teams?
Information technology (IT) departments are struggling to create effective information-sharing policies and educate employees on the risks of using unsecured channels. According to Globalscape’s survey, only 47 percent of employees think the companies they work for have policies for sending sensitive files. Almost a third said that there were no policies in place, and 22 percent weren’t sure.
Policy enforcement is also lacking. Of the employees at companies that have policies for sending sensitive files, 54 percent still use personal email, and 62 percent still use remote devices.
“The information-sharing needs of today’s work force are rapidly evolving, and most organizations are failing to keep up,” Bindseil said. “Employees need and expect instant access to information and the ability to send and store files at the press of a button. When internal technology and tools come up short, employees will find a workaround.”
There are many reasons that employees find alternatives to their company-provided file-transfer tools, but the biggest drivers are simplicity and ease of use. According to Globalscape’s survey:
- 52 percent said it’s more convenient to use a tool that they know well;
- 33 percent reported that recipients have had trouble accessing files sent through the company system; and
- 18 percent said they use alternatives because the company’s tool does not offer mobile access.
“Speed, simplicity and mobile access are critical,” Bindseil said. “If enterprises have any hope of managing and securing the sensitive data leaving their organization, they need to provide solutions that easily integrate into the daily routines of their employees.”