The survey of 1,325 executives at SMBs revealed that employees are increasingly using unmanaged, personal-use online file-sharing products without permission from IT.
“Employees are increasingly bringing consumer-grade file sharing services into their businesses. There are strong security concerns about this trend, particularly from the data loss perspective”, Anthony Kennada, senior manager for emerging cloud products at Symantec, told Infosecurity.
Security risks cited as potential concerns of online file sharing include sharing confidential information using unapproved products (44%), malware (44%), loss of confidential or proprietary information (43%), breach of confidential information (41%), embarrassment or damage to brand/reputation (37%), and violating regulatory rules (34%). Moreover, the lack of policy enforcement also increases risks for many SMBs as more than one-fifth (22%) of respondents have not implemented policies restricting how employees can access and share files.
“Essentially, you can download and install a consumer-grade file sharing solution in about 12 seconds and just as easily take a file off of Sharepoint, drag it onto the solution, and essentially the file is gone, out of IT’s governance. That file could live anywhere”, Kennada related.
“We know that some of these consumer-grade tools have had some very public data breaches. Last summer, for example, there was a two-hour window where I could access anybody’s Dropbox account by simply putting in a user name, no password was required”, he said.
When asked what employees might do when they need to share a large file, respondents indicated they would either ask IT for help (51%); use a product suggested by a customer, contractor, or partner (42%); utilize the IT system in place (33%); or search online and download a free product (27%). Furthermore, 41% indicated damaged brand reputation was a concern when it comes to file sharing.
Many of the files shared internally and externally are increasing in size. One in seven (14%) respondents reported the average size of files currently shared by their organization to be more than 1 gigabyte, while three years ago, only 6% reported the average file size to be more than 1 gigabyte, according to Symantec.
Respondents indicated the number of employees working remotely and/or from home has gradually increased over the past three years; that number is projected to increase. Respondents predicted that one year from now 37% of SMBs will have employees working remotely (up 22% from three years ago and 32% today), and 32% will have employees who work from home (up 20% from three years ago, and 28% today).
Symantec recommended that SMBs implement the following best practices to ensure employees share files securely: centralize file storage and management with a secure web-based system that is accessible regardless of device or location, so that companies protect data outside the office walls; implement access controls and permissions to keep private files safe and separate from work content; maintain oversight into how and when business files are shared; and implement a scalable system that can grow with the business.