Ipswitch Blog

IT professionals use personal email to hide their activity!

| August 3, 2010 | Compliance, Data Breach, Enforcement, Ipswitch News, Managed File Transfer, Secure File Transfer, Visibility

I’ve been sitting on some startling statistics for a couple weeks now, and it has been hard to keep my fingers quiet… But today is the day Ipswitch is sharing them with the world.  Here are a few key takeaways from the survey that Ipswitch conducted at the recent InfoSecurity Europe 2010 show in London.

40% of IT professionals surveyed admitted to sending sensitive or confidential information through personal email accounts as a way to eliminate the audit trail of what they sent and to whom.

Forty percent!

Let’s be clear:  Almost half of IT professionals use their personal email as a way to send sensitive company files while hiding their activity from company auditing and reporting.  Yikes, that’s a major security and compliance breach!

But wait, there’s more:

69% said that they send classified information, such as payroll, customer data and financial information, over email (with no security) at least once a month;  34% said they do it daily.

IT folks seem to be swayed by a similar set of drivers that as other worker bees – Namely, speed, convenience and the ability to send large files without the hassle.

This leaves us with an environment where IT professionals are:
(1)    Feeling the same pains as their end users
(2)    Smart enough to sidestep the very security and governance policies put in place
(3)    Deliberately break company policy and controls as a way to hide what they are doing

And just establishing a file transfer policy isn’t enough.  While 62% of organizations have file sharing policies in place, many don’t have the means or tactics in place to enforce them.  Despite increasingly strict governance and compliance mandates, 72 percent of respondents said that their organizations lack visibility into files moving both internally and externally.

Organizations that lack true visibility, management and controls around sensitive information now find themselves wide open to all kinds of risks, namely data breaches and compliance.  The fact that risk contributors include those tasked with protecting IT networks in the first place, and that it’s being done on a premeditated and recurring basis, just brings the whole situation to an entirely different level of ugly.  Try explaining THAT to an eDiscovery judge!


How IT Pros Can Save 30 Minutes a Day

How IT Pros Can Save 30 Minutes a Day

Implementing Compliance for Data Privacy in Regulated Industries

Free Webinar: Implementing Compliance for Data Privacy in Regulated Industries
[ do default stuff if no widgets ]

Reader Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Ipswitch Blog

This post was written by Ipswitch Blog

Ipswitch helps solve complex IT problems with simple solutions. The company’s software has been installed on more than 150,000 networks spanning 168 countries to monitor networks, applications and servers, and securely transfer files between systems, business partners and customers. Ipswitch was founded in 1991 and is based in Lexington, Massachusetts with offices throughout the U.S., Europe, Asia and Latin America.