I’ve been sitting on some startling statistics for a couple weeks now, and it has been hard to keep my fingers quiet… But today is the day Ipswitch is sharing them with the world. Here are a few key takeaways from the survey that Ipswitch conducted at the recent InfoSecurity Europe 2010 show in London.
40% of IT professionals surveyed admitted to sending sensitive or confidential information through personal email accounts as a way to eliminate the audit trail of what they sent and to whom.
Let’s be clear: Almost half of IT professionals use their personal email as a way to send sensitive company files while hiding their activity from company auditing and reporting. Yikes, that’s a major security and compliance breach!
But wait, there’s more:
69% said that they send classified information, such as payroll, customer data and financial information, over email (with no security) at least once a month; 34% said they do it daily.
IT folks seem to be swayed by a similar set of drivers that as other worker bees – Namely, speed, convenience and the ability to send large files without the hassle.
This leaves us with an environment where IT professionals are:
(1) Feeling the same pains as their end users
(2) Smart enough to sidestep the very security and governance policies put in place
(3) Deliberately break company policy and controls as a way to hide what they are doing
And just establishing a file transfer policy isn’t enough. While 62% of organizations have file sharing policies in place, many don’t have the means or tactics in place to enforce them. Despite increasingly strict governance and compliance mandates, 72 percent of respondents said that their organizations lack visibility into files moving both internally and externally.
Organizations that lack true visibility, management and controls around sensitive information now find themselves wide open to all kinds of risks, namely data breaches and compliance. The fact that risk contributors include those tasked with protecting IT networks in the first place, and that it’s being done on a premeditated and recurring basis, just brings the whole situation to an entirely different level of ugly. Try explaining THAT to an eDiscovery judge!