Posts from ‘Uncategorized’
Ipswitch File Transfer conducted a survey of over 200 IT leaders and practitioners with security responsibilities about person-to-person file-sharing practices. And the results should alarm IT and security professionals.
Findings show that employees are circumventing IT staff by sending confidential and highly sensitive company files via means that are insecure and lack auditability. The results serve as a graphic reminder that when company systems hinder employee productivity, it’s both a security risk and bad for business.
There’s no way to sugarcoat the results of the survey, the highlights of which you can see in the Infographic below. You can also register to receive the full research report results and recommendations here.
Are Your Employees Putting Your Data at Risk? eBook
In our recent webinar “File sharing: Have employee habits put your company at risk?”, Michael Osterman of Osterman Research and David Boone of Ipswitch File Transfer spoke about the issues associated with trends in individual file sharing and the impact they have on businesses.
There is continued increased usage of rogue tools to share files and information when employees don’t have an adequate solution provided to them by their business. These tools include everything from personal email accounts (Gmail, Hotmail, Yahoo!) to cloud-based personal file sharing tools (YouSendIt, DropBox) all the way through to USB drives or what David refers to as “SneakerNet” — walking private data around the office on USB drives which can be easily misplaced or lost.
Michael and David also take a look at what information technology teams can do to deliver solutions to businesses that will address these risks, and tips on how to balance the need for end-user simplicity with the control, security and visibility required by the organization.
- Watch the on-demand webinar recording
Lastly they cover five key criteria to consider when selecting a business-class file sharing solution for your organization:
- Make sure it can handle unlimited file sizes.
- Confirm that minimal training is required to deploy it.
- Ensure it is secure. This includes utilizing encryption both in motion and at rest, and that the message itself is encrypted too.
- For successful user adoption, make sure it’s easy to use.
- Finally, make sure it’s easy to integrate into your existing environment.
For the full discussion between Michael and David as well as the question-and-answer session with the audience, we invite you to view the webinar recording. We also invite you to share this with any colleagues who you think may find it useful.
Corporate America is finally taking notice of its lax information-sharing practices. As data breaches continue to dominate headlines in 2011 and expose major vulnerabilities in the way organizations share and manage sensitive information, companies worldwide are demanding that their partners improve the way they send and receive files.
According to a new report by Ipswitch File Transfer (FT), nearly two-thirds of individuals surveyed at this year’s Infosecurity Europe Conference said their company is feeling increased pressure from customers and partners to improve the speed and security of file transfers.
“The successes of hacking groups like Anonymous and Lulzsec have opened the doors for boardroom conversations around information managementand security,” said Frank Kenney, VP of Global Strategy for Ipswitch FT and author of the report. “Companies are finally realizing that they may be at risk and are seriously reevaluating the way they exchange business information on a daily basis.”
According to Ipswitch’s new report, the problem for many organizations stems from corporate management not providing employees with suitable tools to send and receive large and confidential attachments. Without a company-mandated file transfer platform that makes it simple and secure to send and receive large files, employees are finding workarounds and throwing security and compliance out the window in the process. For instance, nearly 50 percent of individuals surveyed at Infosecurity Europe have been unable to send business-critical documents because their company’s server couldn’t handle the file’s size. And 78 percent said that, on numerous occasions, their corporate email system’s inability to handle large attachments significantly slowed productivity.
The result: Employees find risky workarounds – including personal email and remote devices to avoid the corporate information-sharing roadblocks:
- Personal Email: 60 percent of individuals said they use personal email to send sensitive files because their company systems hinder productivity, a major compliance and security risk. And 50 percent of those people admitted to using personal email as a means to hide sensitive information from management.
- Remote Devices: Employees are also relying on remote devices – like USB drives and smart phones – to transfer information that can’t be handled by corporate systems. More than 25 percent of employees have lost a USB drive containing confidential information. Even worse: Out of that 25 percent, 40 percent said they did not report the lost device to the IT department.
While some organizations are providing employees with file transfer solutions to overcome size constraints, Ipswitch’s new report shows that too many platforms are failing to place enough emphasis on security. Less than 30 percent of companies leverage file expiration and password protection technology and only 15 percent of companies can actually confirm that their files have reached their intended recipients. At least 30 percent of companies don’t have any safeguards in place to secure file transfers.
“Employees will do whatever they need to be productive, and that includes going around corporate systems to send and receive business-critical information,” said Kenney. “It’s not enough to create policies that prohibit such risky behavior; organizations need to provide employees with a simple and secure tool that allows them to send and receive large files successfully.”
To hear the full results of the report, join us on September 8th for a webcast, “How Lessons Learned at Infosecurity Europe Apply to Person-to-Person File Sharing at Your Company.”
As a continuation of Ipswitch’s 20th anniversary celebration, we’ve decided to offer a “20″ themed deal! That means 20% OFF WS_FTP Professional today only – July 20th!
This special offer is available online only for all licenses of WS_FTP Professional (excluding site licenses). You just need to use coupon code: 20ON20.
Why WS_FTP Professional?
- Gain access to the world’s most popular file transfer client.
- Simplify tasks and enhance productivity with capabilities such as email notification, backup, synchronization, compression, post-transfer events, and scheduled transfers.
- Transfer files over FTP, SSL, SSH, and HTTP/S transfer protocols.
- Protect files before, during, and after transfer. Unmatched security is provided through 256-bit AES encryption, FIPS 140-2 validated cryptography, OpenPGP file encryption, and file integrity validation up to SHA-512.
Security researcher Derek Newton and a few Dropbox users have found a significant security hole in Dropbox. They published their results and Dropbox responded.
Dropbox’s response is not adequate. It’s not enough for them to bury their head in the sand and to say that this security gap is not their problem if a hacker has physical access to the computer. The very nature of Dropbox lets its users increase their physical presence onto many more computers. As such, these users are increasing the risk of their information being stolen and their businesses being compromised.
Instead, Dropbox needs to say what steps they are taking to close this security gap. If Dropbox wants to minimize the impact to their business and to increase their presence as a responsible corporate citizen, Dropbox needs to make this security issue theirs to resolve.
Encryption is the best way for Dropbox to proceed right now. Encrypting their configuration files would be the first and best place to start. Second, Dropbox (like Google or my credit card company) should monitor users’ accounts for unusual activity. Whenever they notice a blip or a change in user’s activity, they should send the user an email or SMS.
Third, no application or user should be given implicit access to a user’s files. All access needs to be explicit. An end user needs to specify each application and user that has permission to view, update, copy or remove their files.
As all our transactions become electronic, it’s more important than ever that securing the data, securing access to the data without compromising usability and authorized access is the number one requirement for software vendors.
