Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Symantec: Online File Sharing is Risky Business for SMBs

Employees at small- and medium-sized businesses are increasingly adopting unmanaged, personal-use online file sharing solutions without the “ok” from their IT department, something that appears to be part of the broader trend of the consumerization of IT. That is according to the results of Symantec’s 2011 SMB File Sharing Survey released on Tuesday.

Employees at small- and medium-sized businesses are increasingly adopting unmanaged, personal-use online file sharing solutions without the “ok” from their IT department, something that appears to be part of the broader trend of the consumerization of IT. That is according to the results of Symantec’s 2011 SMB File Sharing Survey released on Tuesday.

The survey was conducted by Applied Research in November 2011 and fielded responses from decision-makers at 1,325 worldwide SMB organizations with 5 to 500 employees.

The survey revealed that these early-adopters who are driving the use of file sharing technology are putting their companies at risk to increased security threats and potential data loss.

“A staggering 71 percent of small businesses that suffer from a cyber attack never recover — it’s fatal,” said Rowan Trollope, group president, SMB and .cloud, Symantec. “As the fastest adopters of cloud technologies, such as file sharing, SMBs need to use safe practices, especially when using a solution that might not be built for businesses. As employees increasingly adopt consumer cloud services at work, the risk to SMBs only grows.”

Key Survey Discoveries

Employees influence adoption of file sharing solutions internally: Seventy-four percent of respondents said they adopted online file sharing to bolster their own productivity. Also, 61 percent of respondents reported employees to be somewhat-to-extremely influential when it comes to adopting file sharing solutions internally, on par with mobile device usage (63 percent), PC/laptop/tablet usage (64 percent) and social media usage (53 percent).

Security and data loss are potential file sharing risks: Many respondents recognized the potential risks that poorly managed file sharing practices can bring into their organizations. Among respondents, risks cited as potential concerns included sharing confidential information using unapproved solutions (44 percent), malware (44 percent), loss of confidential or proprietary information (43 percent), breach of confidential information (41 percent), embarrassment or damage to brand/reputation (37 percent), and violating regulatory rules (34 percent). Moreover, the lack of policy enforcement also enhances risks for many respondents as more than one-fifth (22 percent) of respondents have not implemented policies restricting how employees can access and share files.

File sharing behaviors could expose SMBs to risk: Employee behaviors around file sharing indicate further potential for security risk. When asked what employees might do when they need to share a large file, respondents indicated they would either ask IT for help (51 percent), use a solution suggested by a customer, contractor or partner (42 percent), utilize the IT system in place (33 percent), or search online and download a free solution (27 percent). Furthermore, 41 percent indicated damaged brand reputation was a concern when it comes to file sharing.

Advertisement. Scroll to continue reading.

Files are getting bigger: Many of the files shared internally and externally are significantly increasing in size. One in seven (14 percent) respondents reported the average size of files currently shared by their organization to be more than 1 GB while three years ago, only 6 percent reported the average file size to be more than 1 GB.

SMBs are more distributed: Respondents indicated the number of employees working remotely and/or from home has gradually increased over the past three years, and the number is projected to increase. Respondents predicted that one year from now 37 percent of SMB organizations will have employees working remotely (up 22 percent from three years ago and 32 percent today), and 32 percent will have employees who work from home (up 20 percent from three years ago, and 28 percent today).

While the fact that free-flowing files moving in and out of an organization’s network poses a threat should come as no surprise, there are some relatively simple steps organizations can take in order to reduce risk.

Symantec recommends that SMBs centralize file storage and management with a secure web-based system that is accessible regardless of device or location so that companies protect data outside the office walls. Additionally, Symantec advises that organizations implement access controls and permissions to keep private files safe and separate from work content and maintain oversight into how and when business files are shared. These recommendations are by no means exhaustive, but can serve as good starting point.

Many firewalls now come with “next generation” capabilities even for small businesses, that allow much more control over what types of sites may be accessed and services used, along with the types of files and visbility into the happenings across business networks. It’s important to not just have secure storage, but keep an eye on what’s coming in and going out, and the source of some of the files that enter business networks.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...