Enterprise data security is often discussed, but data breaches —unless they are consumer facing and receive big headlines —are not. Yet by all accounts, the increased risk that has come with the increase in mobile devices in business is exponential, and the looming result of a breach is costly in multiple ways.
In fact, mobile incidents have a ripple effect. Add up the price of fines, legal fees, staff salaries and the result is staggering. Throw in private lawsuits or court orders to pay for credit monitoring and the risk is exponential —52% of large companies (The High Cost of Data Breaches) say the cost of mobile security incidents last year exceeded $500,000. Forty five percent of businesses with less than 1,000 employees reported costs exceeded $100,000.
Why haven’t we heard about more cases like this? Rajesh Ram, Egnyte Co-Founder & VP, in an email interview with Mobile Enterprise, said “The issue is that they do not want these breaches public and are not going to tell anyone about them. In other words, no one will talk about them, but they've happened quite a bit.”
He added, "I personally know of two breaches that have caused companies to look at our solution,” said Ram. “One of those was a large bank. The other was a large manufacturer that was made aware of one of their strategic planning documents that was in the public domain.”
As with the manufacturer, one of the larger risks involves the insecure sharing of corporate content through non-IT sanctioned cloud services. In the age of mobile, BYOD and employees who will enable themselves if not enabled by the enterprise, it’s not surprising these services are used, but scary to learn how much.
The survey “Rogue Cloud in Business, ” conducted online by Harris Interactive (on behalf of Egnyte) among more than 2,000 U.S. adults, illustrates a major exposure for today’s businesses when it comes to the transfer and storage of data.
For example, 31% of respondents said that they would share large documents that are too big for email through a file-sharing service without checking with their IT departments. The survey results underscore the fact that employees want easy access to files and will adopt tools that allow them to easily share and collaborate on projects, with or without IT’s consent.
Part of the problem too is that end users don’t see it as a problem; 51% of respondents to the survey think that collaborating on file-sharing services (such as Dropbox and YouSendIt) is secure for business documents.
The level of concern employees have about security was not taken into account here, but 41% agree that they could easily transfer business-sensitive data outside the company using a file-sharing service and 38% have actually done so at least once using unapproved file-sharing service; 10% have done it 6 or more times.
Employees that Move On
On top of the security issue, Ram said, “Another major issue for companies is access. Many employees still have access to files from previous companies who were using consumer-grade versions of Box and Dropbox, for example.”
According to the survey, more than 1 in 4 file-share service users reported still having access to documents from that previous employer. Plus, 46% admit that it would be easy to take sensitive business documents to another employer.
Bring Your Own Risk
Ram points out that mobile is a bigger risk because of BYOD. “Many mobile devices are employee owned. Without the right controls, files could be stored on the device and remain once an employee leaves.” And mobile provides even greater access since it’s in the hand nearly all the time; 45% of those surveyed said they could use their mobile device to access any file which they have permission to access through their computer.
Further, mobile devices are often lost or stolen. Stating the obvious, Ram said, having native encryption, remote wipe, passcode locks and ability to control if file can be synced offline is critical. Beyond that, the rogue usage of consumer-based cloud services here and any other similar apps and services, for that matter, illustrates the need for IT to instead deploy secure enterprise-grade solutions that meets of employees while protecting sensitive business data.