With the proliferation of the Bring Your Own Device trend, organizations have to monitor devices such as smartphones, tablets, USB drives and sophisticated MP3 players due to file hosting capabilities.
The survey found that 72% of respondents use their own portable devices to store confidential work files. This combined with the fact that 55% said they use free cloud based services such as Dropbox and that 65% use personal webmail to move confidential files.
However, the majority of businesses having no visibility into the data that is being moved, leading to concern that the data could be compromised either in transit or through loss of a personal device.
The loss of USB devices holding sensitive information has dominated headlines over the past 24 months and the trend sets to continue with, 31% of respondents saying that they have lost either a USB device, a smartphone or other storage device containing sensitive work information. However, 69% failed to report their loss to the IT Department.
Additional findings of the survey include:
- 78% of respondents said they use email to send classified or confidential information, such as payroll, customer data, financial information and business plans at least once a day, 64% weekly or more often.
- Of those that said they use personal email accounts to send confidential information, 35% stated that personal email is faster and more convenient, while 25% cited that files that are too large to send from work email. Additionally, 15% said they had difficulties connecting with work email while out of the office therefore turned to personal email accounts to send sensitive work files instead of work email accounts.
- Whilst 52% or organizations provide their employees with an IT sanctioned tool for file sharing; only 30% enforce its usage.
“Businesses are moving vast amounts of information and sensitive files per day, whether it is by email, through the cloud or by employees using their own devices to back-up and store data. It is therefore imperative that organizations have a policy in place for approved forms of data transfer and have visibility into files that are being moved, by whom and to what medium. It is always important to note that data loss can incur severe financial penalties for the organization, as well as damage it reputation.”
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.