IT walks a fine line between balancing security issues and giving people the tools they need to get the job done. Every day companies move sensitive data around, and IT is in charge of securing that data, but what about the little things that tend to fall through the cracks?
According to data from several recent surveys there are a number of things your employees could be inadvertently doing that puts your company's sensitive data and information at risk.
[ Prevent corporate data leaks with Roger Grimes' "Data Loss Prevention Deep Dive" PDF expert guide, only from InfoWorld. | For a quick, smart take on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. ]
A survey done recently by IPSwitch, an FTP software organization, includes some of the reasons employees are putting sensitive data into places where IT has no control over what happens to it:
- To circumvent file-size limits prescribed for work email
- Third-party mail is faster and has fewer restrictions than corporate email tools
- For use in their next place of employment
- They find it difficult to connect to work email when outside of the office
- IT doesn't monitor what they're sending via personal email
Sanjib Sahoo, CTO at tradeMONSTER says he thinks about security and customer privacy a lot. Working in the online brokerage portion of the financial industry, data is his company's life's-blood, and as CTO, he puts extra emphasis on the security of his data.
[ Related Story: 5 Things PRISM Teaches CIOs About Doing Business in Today's World ]
"We have to put measures in place to protect against the loss, misuse, and alteration of the information of customer data and any other data which we control. At the same time, we put a lot of importance on our intellectual property, considering that we have numerous patents, granted and pending, for our technology and platform," says Sahoo.
This means new employees who might not be fully aware of risks and data policies need training in regards to the balanced culture of concern, awareness and trust. "We implement a strict security policy and access control policy when employees join [the company]," says Sahoo.
A recent survey done by Harris Interactive on behalf of Fiberlink highlights many of the challenges that today's IT departments are facing. In the survey, 2,064 U.S. adults were asked about their mobile behavior. Many of the behaviors below are done in a benign way in an effort to get the job done, but they still could potentially expose sensitive corporate data.
Using cloud storage services: More than 50 percent of people who responded to the Fiberlink survey reported uploading sensitive data to cloud services like Dropbox and iCloud. "Consumer file-sharing and synchronization services such as Dropbox are appealing to business users because they are accessible and convenient. However, it's those same attributes that make them a security concern for CIOs and IT professionals," says David Lingenfelter, the information security officer at Fiberlink.