Security Experts:

Symantec: Online File Sharing is Risky Business for SMBs

Employees at small- and medium-sized businesses are increasingly adopting unmanaged, personal-use online file sharing solutions without the “ok” from their IT department, something that appears to be part of the broader trend of the consumerization of IT. That is according to the results of Symantec’s 2011 SMB File Sharing Survey released on Tuesday.

The survey was conducted by Applied Research in November 2011 and fielded responses from decision-makers at 1,325 worldwide SMB organizations with 5 to 500 employees.

The survey revealed that these early-adopters who are driving the use of file sharing technology are putting their companies at risk to increased security threats and potential data loss.

"A staggering 71 percent of small businesses that suffer from a cyber attack never recover -- it's fatal," said Rowan Trollope, group president, SMB and .cloud, Symantec. "As the fastest adopters of cloud technologies, such as file sharing, SMBs need to use safe practices, especially when using a solution that might not be built for businesses. As employees increasingly adopt consumer cloud services at work, the risk to SMBs only grows."

Key Survey Discoveries

Employees influence adoption of file sharing solutions internally: Seventy-four percent of respondents said they adopted online file sharing to bolster their own productivity. Also, 61 percent of respondents reported employees to be somewhat-to-extremely influential when it comes to adopting file sharing solutions internally, on par with mobile device usage (63 percent), PC/laptop/tablet usage (64 percent) and social media usage (53 percent).

Security and data loss are potential file sharing risks: Many respondents recognized the potential risks that poorly managed file sharing practices can bring into their organizations. Among respondents, risks cited as potential concerns included sharing confidential information using unapproved solutions (44 percent), malware (44 percent), loss of confidential or proprietary information (43 percent), breach of confidential information (41 percent), embarrassment or damage to brand/reputation (37 percent), and violating regulatory rules (34 percent). Moreover, the lack of policy enforcement also enhances risks for many respondents as more than one-fifth (22 percent) of respondents have not implemented policies restricting how employees can access and share files.

File sharing behaviors could expose SMBs to risk: Employee behaviors around file sharing indicate further potential for security risk. When asked what employees might do when they need to share a large file, respondents indicated they would either ask IT for help (51 percent), use a solution suggested by a customer, contractor or partner (42 percent), utilize the IT system in place (33 percent), or search online and download a free solution (27 percent). Furthermore, 41 percent indicated damaged brand reputation was a concern when it comes to file sharing.

Files are getting bigger: Many of the files shared internally and externally are significantly increasing in size. One in seven (14 percent) respondents reported the average size of files currently shared by their organization to be more than 1 GB while three years ago, only 6 percent reported the average file size to be more than 1 GB.

SMBs are more distributed: Respondents indicated the number of employees working remotely and/or from home has gradually increased over the past three years, and the number is projected to increase. Respondents predicted that one year from now 37 percent of SMB organizations will have employees working remotely (up 22 percent from three years ago and 32 percent today), and 32 percent will have employees who work from home (up 20 percent from three years ago, and 28 percent today).

While the fact that free-flowing files moving in and out of an organization’s network poses a threat should come as no surprise, there are some relatively simple steps organizations can take in order to reduce risk.

Symantec recommends that SMBs centralize file storage and management with a secure web-based system that is accessible regardless of device or location so that companies protect data outside the office walls. Additionally, Symantec advises that organizations implement access controls and permissions to keep private files safe and separate from work content and maintain oversight into how and when business files are shared. These recommendations are by no means exhaustive, but can serve as good starting point.

Many firewalls now come with "next generation" capabilities even for small businesses, that allow much more control over what types of sites may be accessed and services used, along with the types of files and visbility into the happenings across business networks. It's important to not just have secure storage, but keep an eye on what's coming in and going out, and the source of some of the files that enter business networks.

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.