Email and file-sharing apps threaten your business

Anyone who thought email was yesterday’s news might want to think again. By 2019 there will be an estimated three billion email users across the world. That’s a third of the global population. And all those busy people will send and receive around 246 billion emails every day.

One hundred thirty billion of those emails will be business related. The average business user will send and receive around 126 emails daily. Unfortunately, we can also expect a corresponding rise in spam. The move towards online business and popularity of social media are just two factors driving this growth in email usage according to the Radicati Group, a technology market research firm.

Negligent insiders

[caption id="attachment_100605" align="alignleft" width="400"]

Headache, information overload

Image source: Shutterstock/Robert Kneschke[/caption]

The undiminished popularity of email does have a downside. A Ponemon Institute research report found that 61 per cent of employees confessed to sending unencrypted emails, forwarded confidential files and sensitive documents to the wrong people, and used personal file-sharing apps in the workplace. Something like 75 per cent of large organisations suffered a staff-related data breach in 2015 according to a UK government survey. A severe data breach is now estimated to cost larger businesses (over 500 employees) between £1.46 million and £3.14 million. The direct and indirect costs of a data breach on smaller firms are comparable to bigger organisations. However, smaller firms might not survive the subsequent fallout of reputational damage and lost business.

North Somerset Council was hit by a £60,000 penalty after five emails were sent to the wrong NHS employee. Some of the emails sent contained highly confidential information. Another council employee sent unencrypted email to the wrong person. Even after being informed of the error, the council employee continued emailing this individual. The Information Commissioner’s Office (ICO) found the Council had failed to train staff on data protection, and recommended they adopt encryption when sending information electronically.

Who cares about data security?

Interestingly, perceptions and attitudes towards a company’s information security differ among members of staff. Senior managers have a tendency to overestimate the quality of their security provision, for example. Ordinary members of staff often think of data security as an IT issue, and nothing to do with them. Many managers also underestimate the dangers posed by negligent insiders versus external cyber-attackers. Research by Absolute found that Millennials (people born between the 1980s and 2000) represent the greatest threat to corporate data security. Sixty-four per cent of Millennials use work devices for personal use, and 35 per cent modify the settings to please themselves. They probably do this because 27 per cent of them admit to viewing unsafe content. Most worryingly, 25 per cent of Millennials believe they compromise IT security but just don’t care.

Encryption

[caption id="attachment_138271" align="alignright" width="400"]

Data encryption

Photo credit: Rawpixel.com / Shutterstock[/caption]

There are a number of different options when it comes to protecting your corporate data from negligent insiders. You could switch to encrypted email. Outlook offers email encryption for single or all outgoing messages. Encryption covers any email attachments too. Depending on your use case, you might decide that you need to buy dedicated email encryption software from someone like DataMotion, Trend Micro or Symantec. Secure email will certainly lessen your company’s data vulnerability. However, email isn’t the ideal solution when you want to send large files.

File sync and share

File sync and share applications, such as Dropbox, Google Drive and Microsoft OneDrive have become incredibly popular alternatives to email for file sharing. Most company IT departments impose file size restrictions on email attachments. A fear of computer viruses means some companies block incoming emails with attachments. Although levels of spam have decreased a little in recent years, it still accounts for 56 per cent of all email traffic world-wide according to the statistics portal Statista. Spam isn’t going away anytime soon.

Jurisdiction and compliance

Cloud-based file sync and share applications enable users to transfer files of any size and type with few restrictions and across multiple devices. As of March 2016 Dropbox is reported to have 500 million users with 1.2 billion files uploaded daily. The disadvantages of using free file sharing applications include security deficiencies, compliance issues, restricted feature sets, file storage limitations and lack of administrative control and oversight. Many regulated industries, for example, require files be retained in local data centres under home jurisdiction rather than on overseas servers where different laws might apply. Currently Dropbox only uses US-based storage, which can make it totally unsuitable for many firms operating under EU law. The US government can also access all your data whenever it feels justified to do so while it resides on American servers.

Designed specifically for business users, enterprise file sync and share (EFSS) software is the natural alternative to consumer-grade file sharing apps. EFSS solutions come with all the security, compliance, collaborative and administrative tools required by big businesses. However, they can also come with hefty price tags and take a while to get up and running. A third option is to look at managed file transfer (MFT) systems.

Managed file transfer

mobile data security

Managed file transfer systems provide security, reliability and traceability when it comes to sending confidential files and sensitive documents internally and externally. There are no file size restrictions or storage limitations to worry about. Systems can be hosted on premise, on a private or public Cloud server. MFT systems encrypt files at rest and during transfer to ensure your data security. Data encryption also helps companies meet regulatory compliance standards. Although systems may vary in terms of features, functionality and price they should all provide a file-sharing audit trail and reporting capability. Typically, once installed systems are user-friendly and easily managed.

When it comes to sending large files with speed and reliability, MFT systems are hard to beat. When we tested our own ccDevnet goTransfer MFT system we found that it transferred a 1GB file between 30 per cent and 40 per cent faster than popular Cloud-based file sharing apps like Dropbox. What’s more, during beta testing we found that the simple notepad feature allowed users to communicate with the ease and convenience of email without any of the negatives.

A policy isn’t a plan

To ensure the integrity of your data from all threats requires more than technology. Companies need to cultivate an information security climate, where everyone understands the risks and feels personally responsible for safeguarding corporate data. Simply having an information security policy is not enough to protect you. Seventy-two per cent of all organisations where the security policy was poorly understood still experienced a staff-related data breach. Instead, organisations must develop coherent internal communications and training strategies that create a data security conscious workforce.

Take action

First, clear objectives and measurement criteria need to be set for any information security programme you intend to run. Next, a key member of the senior management team must take overall responsibility for driving the initiative forward. Similarly, departmental heads and line managers must be fully engaged and trained so they become vigorous advocates of a data security first mentality. Every new and existing member of staff must go through some form of information security awareness programme. This might be reinforced by a reward, recognition and incentive scheme. Finally, results should be published against agreed objectives so that everyone knows how the company is performing. The programme should be refreshed regularly to reflect the changing nature of data security threats and responses.

Charlie Trumpess, senior marketing professional & copy writer

Image Credit: Laurent Renault / Shutterstock