IT professionals using email to hide file transfer activity

The research, carried out by secure, managed file transfer firm Ipswitch, reveals that IT professionals are using personal email accounts to mask file transfer activity from management. More than one third (40%) of those surveyed at this year's Infosecurity Europe conference admitted to sending sensitive or confidential information this way, to eliminate the detection trail. That constitutes a potentially major security and compliance breach. Additionally, the research shows that, while not all personal email used to send business information is malicious, it is risky. More than two-thirds of respondents (69%) conceded that they send classified information – such as payroll, customer data and financial information – over unsecure email at least once a month; 34% said they do so daily. Frank Kenney, vice president of global strategy at Ipswitch, says the most common reasons cited are speed, convenience and the ability to send large files without hassle. "Employees will almost always take the path of least resistance, even if that unintentionally means violating company policies and breaking security protocols," points out Kenney. "Businesses need complete visibility into the files that are moving internally and externally company-wide, with a file transfer approach that makes it fast and easy for employees to securely exchange information with customers, partners and colleagues," he insists. He also says that establishing file transfer policies isn't enough. While the most firms in Ipswitch's survey (62%) seem to have file-sharing policies in place, many don't have the means to enforce them. Despite increasingly strict governance and compliance mandates, 72% said they lack visibility into files moving both internally and externally. "With thousands of gigabytes of information moving in-and-out of companies every month, executives need visibility into who's sending, receiving, and forwarding business-critical documents for security and compliance purposes," states Kenney. "It's far too easy for information to get into the wrong hands, evident by hundreds of data breaches in the first half of this year alone. Unless companies communicate and enforce file-transfer policies, with total visibility and company-wide management, their risk of a breach will continue to rise."