Forget hackers – ill-informed employees are the real danger to your business

One small USB stick can cause havoc when lost

In the last few years we have seen a dramatic rise in the distribution and mobile use of data by organisations. This has resulted in growing pressure on IT teams to refocus on security. Beyond this mounting pressure, business leaders are increasingly concerned about corporate data getting into the wrong hands, and about the ramifications when it does.

For many business leaders, threats often come from cybercriminals wishing to gain access to sensitive data – however, we are continuing to see even more widespread breaches as the result of internal employee errors.

Within organisations, there appears to have been a lack of leadership surrounding the importance of data protection. With the development of wireless and remote technologies, employees are increasingly required to share data across the internet. Additionally, staff are using their own mobile devices and carrying out unsafe file sharing practices often without the knowledge of superiors. This produces a number of inherent threats.

Typically corporate infrastructures are intrinsically more secure; however, when data leaves the corporate infrastructure, it is left open to attack. With so much data being shared unsafely, many organisations have fallen into one of these traps: using public cloud platforms to share corporate data, sending emails across unsecured networks or using unencrypted mobile devices, or in some cases, all of the above.

Dangerous file sharing practices

Consumer-grade file sharing solutions are great for consumers who wish to share photos and other low-security files. However, they lack the enterprise-level auditing and controls that are necessary to share confidential files.

More importantly, consumer services like Dropbox and iCloud are increasingly on the radar of cybercriminals, who are aware of the large number of corporations using their services. In a recent Globalscape survey we found that a staggering 45% of employees openly admit to using consumer-grade file sharing solutions to share confidential corporate information. It is essential that more employees are made aware of the inherent risks involved with using this technology.

A major issue is the number of staff members carrying out dangerous file sharing practices while completely unaware that they are risking their organisation's reputation and potentially putting themselves out of compliance with the Data Protection Act.

We are also increasingly seeing staff using unencrypted USB devices to store confidential corporate information. While many organisations have banned the use of unencrypted mobile devices in the workplace, we found that 63% of employees have used these devices to transport confidential data.

Even more troubling are the statistics for emails. Often compared to postcards, because anyone can read them, email is already generally regarded as an unsafe means to distribute confidential information. Our research has shown that 63% of employees have shared confidential files to and from their personal email accounts, which will typically be more vulnerable than a corporate environment.

Even more surprising is that 74% of those employees believe that their employers approve of this method of sharing files. With personal emails typically supported on public networks, businesses have no control over their files being shared on these systems, and as with public clouds, their high-profile nature makes them an appealing target for cybercriminals.

Education is paramount

These statistics clearly demonstrate a need for education and leadership. Many organisations have strict protocols on the safe sharing of files; however, it seems these are largely being ignored by employees who are unaware of the potential risks.

It is critical that businesses educate their employees, and in turn, retain full control of their data. Some companies already have processes in place and are investing in managed file transfer systems, which is a great first step – however, this must be accompanied by employee education.

Providing an environment where safe file sharing is an essential best practice is relatively simple through ongoing education and top-down leadership. Ultimately it will pay significant dividends through the prevention of internally caused data breaches.