Enterprises are failing to protect sensitive information moving internally and externally.
A new study by Ipswitch, Inc., the secure, managed file transfer company, found that more than 70 percent of IT executives surveyed at the RSA conference earlier this month have absolutely no visibility into files moving out of their organisations.
A full 64 percent said that they have no visibility into files moving internally, either.
“With hundreds of data breaches over the past five years resulting in multi-million-pound consequences, it’s hard to believe that organisations still don’t have the right solutions in the right places to protect sensitive information,” said L. Frank Kenney, VP of Global Strategy at Ipswitch File Transfer.
“You may be investing heavily on business applications and their inherent security requirements but if you’re not monitoring and enforcing policies with respect to the information moving both internally (between business applications and people) and externally (between you and your business partners and collaborators), the consequences are dire.”
Is Your Business-Critical Information Walking Out the Door?
USB flash drives, removable disk drives and cell phones are making it easier than ever for employees who need to transfer large files – and harder than ever for companies to monitor and protect sensitive information.
Nearly 90 percent of survey respondents admitted to using thumb drives or other external devices to move work-related files – posing a huge security risk to organisations.
“Portable devices are far too easily lost or stolen,” said Kenney. “And while most employees have good intentions, USBs are one of the easiest ways for insiders to compromise business-critical information.
IT managers need to make it easier for people in their organisation to move information securely.
By decreasing reliance on transferring physical media and focusing more on easy-to-use browser-based or email plug-in solutions, information will be better governed.”
A 2009 study by the Ponemon Institute of nearly 1,000 recently terminated individuals revealed that:
· 42 percent used USB memory sticks to take business data
· 38 percent sent documents as attachments to personal email accounts
Ipswitch, which helps organisations address the critical need for end-to-end visibility, management and enforcement around sensitive data, found that 66 percent of survey respondents admitted to using personal emails to send work-related files.
The result: no security, no audit trail, and no visibility into what information is being sent, to whom, when.
In addition, more than 25 percent admitted to sending proprietary files to their personal email accounts, with the intent of using that information at their next place of employment.
Information Security Mandate: Establish and Enforce Policies around File Transfer
Nearly half of the IT executives surveyed said that their companies do not provide employees with a fast-and-effective way to securely send files, forcing employees to rely on removable devices and personal email accounts to bypass size limitations imposed by applications like Microsoft Outlook.
Only 49 percent of respondents work at companies that have established policies for sending files internally, and only 53 percent work at companies that have set policies for transferring files externally.
“Companies can’t enforce policies that don’t exist,” said Kenney. “Protecting sensitive information requires enterprise-wide visibility and management of files moving person-to-person, person-to-machine, machine-to-machine, internally and externally.”
Ipswitch File Transfer solutions are used by thousands of retail, financial services, healthcare, media and manufacturing organisations worldwide to:
· Quickly and securely share files
· Create and enforce policies around sending files
· Enable complete visibility into all file sharing activities for company-wide compliance and governance
· Proactively monitor and manage file-sharing interactions, both internally and externally