Widespread Use of Consumer-Grade File-Sharing Threatens Enterprise Security

The security risks of using the consumer versions of file-sharing apps like Dropbox for enterprise assets have been well-documented, but many workers persist in doing so. In a recent survey, nearly half (46%) of respondents admitted that they have stored confidential company information on their personal file sharing and sync apps.

The survey, conducted by M-Files, also found that alarmingly, 37% of employees said they store and/or share business documents via their personal file sharing and sync solutions "all of the time." Less than half (47%) said they do so infrequently.

The Holy Grail of information management is two-pronged: to enable a more collaborative workplace with easy sharing capabilities that enable access to content from anywhere, at any time and on any device; but to do so in a secure fashion. In chasing the first goal, companies are ignoring the second: the study showed that companies aren’t putting rules around how employees are handling their sensitive data when it comes to those apps.

A full 56% of employees said their companies do not have policies in place that prohibit the use of personal file sharing and sync solutions for storing and sharing company documents, while 14% said they did not know if their company had any rules governing that or not.

The problem is that lax security policies and practices have real-world consequences: a quarter (25%) of employees said that employee use of personal file sharing and sync tools has led to security breaches, data loss, non-compliance issues, loss of control over documents or other problems.

“Unregulated use of personal file sharing and sync solutions represent a serious security and compliance threat for companies, because employees can share sensitive information with external parties, or store documents on their personal devices, completely out of their organization's control,” said Greg Milliken, vice president of marketing at M-Files, in a statement.

M-Files also uncovered that of the 61% of employees who cited that their company uses an enterprise content management (ECM) or document management system, only 39% said that it integrates with their file sharing and sync applications.

"Employees continue to use personal file sharing apps for sensitive documents, even when their company has banned the use of such tools, and they do so because they often find these tools more accessible and easier to use than ones provided by their company," Milliken said. “However, as the popularity and adoption of file-sharing and sync tools has grown, an increasing number of companies have become aware of the need to balance security and data protection against their employees' need for a simple solution for sharing documents and collaborating with individuals and businesses outside of their organization.”

What’s Hot on Infosecurity Magazine?