News release: 2nd October 2014
‘iCloud and Dropbox pose a major threat to enterprise security’
In the wake of an alleged iCloud hack that has leaked hundreds of nude celebrity photos, the spotlight has highlighted how consumer file sharing solutions pose a major threat to enterprise security.
Much attention has been given to cybercriminals who wish to gain access to corporate data. However, according to the Ponemon Institute, more than a third of all data breaches are caused internally, and they are frequently the result of employees mishandling sensitive data. Worryingly, according to an Ernst & Young survey, only 17 percent of employees believe that their security practices meet the business needs of the company.
The growth of the mobile workforce, coupled with the lack of approved, user-friendly file sharing tools, has led employees to use risky means to easily distribute files. The use of public cloud consumer sharing solutions is common and easy but can be insecure and often a nightmare to an internal IT team. When files leave the safety of business’ managed infrastructure, they are very difficult to track, and if that data lands in the wrong hands, it can result in a data breach.
Dangerous file sharing habits threaten enterprise security
With so many data breaches being caused internally, and often by dangerous file sharing, it is likely that you may have also fallen into one of these traps: sending emails across unsecured networks, using unencrypted mobile devices, and/or using public cloud platforms to share corporate data.
Consumer-grade file sharing services
Consumer file sharing solutions without enterprise-level audit and control, like Dropbox and iCloud, pose a major threat to enterprise security. Research has shown that a staggering 45 per cent of employees have used consumer sites for sharing confidential corporate information.
It is imperative that businesses retain control of their data. When files move externally, IT departments lose control of the data allowing it to end up in potentially malicious hands. Furthermore, they run the risk of bringing their organisation out of compliance with the Data Protection Act.
Enabling safe file sharing is an essential IT best practice and it is relatively easy to implement with secure managed file transfer solutions.
Email has become the method of communication in the business world. However, its inherent benefits that make it an effective business tool—a fast and easy means to communicate—pose a risk to enterprise security. Using a personal email address to send corporate data is one of the most dangerous ways to share files, yet in a recent survey, 63 percent of respondents have done just this.
Surprisingly, 74 percent of those employees believe that their companies approve of their method of sharing files. Personal email accounts are typically supported on public networks and can be made even less secure by the users’ choice of passwords and security questions, making them an appealing target for cybercriminals.
USB drives
USB drives are being used less frequently today; however, they still pose a clear threat when employees choose to store confidential information on unencrypted devices. Surveys have found that 63 per cent of respondents have used remote storage devices like USBs to carry confidential files. This is especially concerning as the majority of these personal devices will be unencrypted; therefore, the potential number of people with the ability to access the data is far greater.
While many organisations have chosen to ban the use of non-approved USB devices, these policies seem to have had little effect on employees.