Most people transfer at least one file a day without giving it much thought. But chances are high those files contain some form of sensitive information. In fact, a new survey of 200 IT professionals in the financial services sector conducted by Blackberry illustrates how pervasive this issue has become.
Announced this week at a Blackberry Security Summit event, the survey finds there were security breaches caused by the use of personal email and file-sharing accounts (20 percent) as well as the use of personal software or devices for corporate business (20 percent). The survey also finds that one-third of the IT professionals reported end users in their organization are using file-sharing applications not approved by IT.
Blackberry chief security officer (CSO) Alex Manea says that same scenario is playing out across a broad range of vertical industries. Worse yet, Manea says a lot of this activity is malicious. The Blackberry survey finds 17 percent suffered a security breach because of the activity of a bad actor in their organization such as a disgruntled employee. That compares to 25 percent that suffered a breach simply because somebody made a mistake.
In all, a full 65 percent of the IT professionals surveyed reported they were uncertain if their business protocols around collaboration and file sharing meet regulatory requirements.
There are two big issues IT security professionals need to confront when it comes to file sharing. The first is simple inertia. Many end users have simply fallen into the habit of using consumer-grade services to transfer files. IT security professionals not only need to aggressively educate users about the potential dangers of using those services; they need to block access to them from corporate networks. End users, of course, can easily navigate their way around those policies. But at the very least blocking access from a corporate network serves as a reminder of the risk.
The second major issue is the quality of the file transfer experience being provided by IT. Internal IT departments are not always known for selecting software that is easy to use. File transfer software can’t be consumer-grade when it comes to security. But in terms of ease of use, anything that provides less than a consumer-grade experience simply won’t be used. In the name of productivity, end users will do an end run around a bad application experience every time.
In an ideal world, every file would be encrypted at rest and in motion. The primary issue on the backend that prevents most organizations from implementing encryption everywhere is all the overhead associated with managing encryption keys. Because of that issue, most files are likely to remain unencrypted. Manea notes that new regulations such as the General Data Protection Regulation (GDPR) being implemented by the European Union may force these and other security issues related to file transfer to be addressed. In the meantime, IT security professionals would be well advised to investigate how files are being transferred in and out of their organization. Chances are, they are not going to like what they discover.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.