Employees who use personal email, removable storage devices and cloud storage to move work files pose one of today's biggest threats to corporate data, according to a survey conducted by data security firm Globalscape.
Nearly two-thirds of employees - 63% - use personal email to transfer work files, potentially leaving workplaces exposed to hacks against their accounts. Across the 500 employees surveyed, nearly half used unsecured channels to transfer work files several times a week, according to ZDNet’s report.
Globalscape, which offers secure email and file transfer to corporate clients, describes the practice as '2014's biggest threat' to corporate data. Sixty-three percent of the consumers polled by the company regularly used remote storage devices, such as USB drives, to transfer confidential files, and 45% have used sites such as Dropbox to share sensitive business information - with 30% using such personal cloud services to store work files.
"Millions of employees are actively using consumer-grade tools, like personal email, social media, and file sharing sites, to move confidential work files every day,” said James Bindseil, president and CEO of Globalscape. “While the intent is typically harmless, these actions can have serious security and compliance ramifications.”
“We found that 80% of employees surveyed that use personal email to transfer sensitive work files do it at least once a month. Even scarier: nearly a third of that group knows for a fact that their personal email has been hacked at least once – yet they continue to put company information at risk.”
Employee ignorance is partly to blame - only 47% of those surveyed thought that their employer had a policy relating to the transfer of sensitive files. But employees at companies with clear policies on the practice still find ways around it - 54 percent still use personal email, and 62 percent still use remote devices.
ESET researcher Stephen Cobb offers tips for small businesses on information security in a We Live Security how-to on information security policies, and a basic We Live Security how-to explains some of the pitfalls that can lead to becoming the 'Bring Your Own Disaster' guy - including the use of personal devices to transfer work files.