Last week Symantec posted the results of their 2011 SMB File Sharing Survey, revealing that online file sharing poses the greatest security risk to SMBs. These results do not come as a surprise, as unsecure and unregulated freemium file sharing services (with millions of simultaneous users on a shared platform) have crept onto corporate networks at an unprecedented pace—74 percent of survey respondents said “they adopted online file sharing to bolster their own productivity”.
The problem is that the employees concern for boosting their productivity takes precedent over corporate security. In fact 61 percent, of the 1,325 organizations surveyed, said that employees are the ones making the decision about which file sharing services are being used. The problem is that if IT is not actively managing these services, it is impossible to monitor and track the confidential corporate data being exchanged, which increases security threats including introducing malware into the corporate infrastructure and loss or compromise of confidential and valuable data.
I liken this to a teenager buying her first car—she wants something cheap that she can drive immediately—she’s completely unconcerned about the safety of the vehicle and how its vulnerabilities might ultimately affect those around her. Employees bringing in free file sharing solutions, that can be downloaded and in use within minutes are unconcerned how using it at work might affect the corporate infrastructure. According to Rowan Trollope, group president of SMB and Cloud at Symantec, “A staggering 71 percent of small businesses that suffer from a cyber-attack never recover–it’s fatal.” So how can the IT department help employees understand how their actions might put their organization at risk?
Every organization, regardless of size, should have security policies in place that restrict how employees can access and share files. However, more importantly, IT departments must provide the tools that their business users need by providing enterprise class secure file sharing solutions that will increase employees’ productivity without jeopardizing the organization’s network and information security.