Risky file sharing practices can cause data loss and compliance violations

Organizational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and that employees routinely breach IT policies and place company data in jeopardy, according to the Ponemon Institute.

“Data leakage and loss from negligent file sharing is now just as significant a risk as data theft,” noted Larry Ponemon, chairman of the Ponemon Institute. “While most companies take steps to protect themselves from hacking and other malicious activities, these same organizations are entirely unprepared to guard against risky and ungoverned file sharing using consumer-grade applications like Dropbox.”

The research found that file sharing poses a major threat to enterprise security, and that senior managers at organizations are having difficulty setting and enforcing effective policies to safeguard against data leakage.

Many organizations are vulnerable to both data loss and non-compliance due to cloud file sharing and improper file sharing practices – and it starts from the top down. Further, it is clear that the enterprise IT department has lost control of user application decision-making, as well as of company data.

More than 1,000 IT security professionals from the United States, United Kingdom, and Germany were surveyed. Key findings from the report include:

• Almost half (49 percent) of respondents believe their company lacks clear visibility into employees’ use of file sharing/file sync and share applications.
• Half of respondents (51 percent) aren’t convinced their organizations have the ability to manage and control user access to sensitive documents and how they are shared.
• The majority of organizations have policies governing the use of file sharing, but policies are not being communicated to employees effectively.
• Only 54 percent of respondents say their IT department is involved in the adoption of new technologies for end users, including cloud-based services.

More sobering, approximately 61 percent of respondents confessed that they have “often or frequently” done the following:

• Accidentally forwarded files or documents to individuals not authorized to see them.
• Used their personal file-sharing/file sync-and-share apps in the workplace.
• Shared files through unencrypted email.
• Failed to delete confidential documents or files as required by policies.

Ponemon’s research concludes that these file-sharing issues are making enterprises extremely vulnerable to data loss and compliance violations. This vulnerability is heightened for regulated industries like financial services, where the risks and repercussions of data loss are more severe. The research also showed that employees are acting badly when it comes to data sharing and collaboration, routinely violating IT policy in order to get things done faster.

Survey respondents indicated a lack of senior-level accountability in their organizations for developing and implementing file-sharing policies. Of senior level respondents, 44% did not believe they had the ability to manage and control user access to sensitive documents and how they are shared. Among respondents who do have that ability, their confidence in asserting it was mixed.