The majority of employees have sent sensitive work documents via personal email, and most of them are unaware that their company doesn’t allow that file-sharing behavior, according to a recent survey by GlobalSCAPE, a secure data-sharing solutions provider.
The survey of more than 500 employees from various companies found that 63% of them had sent sensitive work documents from a personal email address, and 71% of those employees were wrongly under the impression that their company approved such use of personal emails. Of those employees that use personal email to share work documents, 73% of them said they do so at least once per month. And of that group, nearly a third said they have had their personal email hacked in the past.
[For More On Enterprise Security, Check Out: 7 Security Predictions for 2014 from Booz Allen Hamilton]
The GlobalSCAPE survey also found that 45% of the respondents had used sites like DropBox and Box.net to share work documents, and 30% of them had saved work files on cloud storage services. The reliance on cloud storage services is particularly risky when considering typical password behavior, with 52% of the respondents admitting that they use the same password for most or all of their personal accounts online, the report said.
Demonstrating the need for greater employee training and education on company policies, 22% of the respondents said that they didn’t know if their company had a policy around sharing sensitive work files.
Out of the employees who said their company did have a policy in place for sending sensitive work documents, 54% said that they still use their personal email to do anyway.
The top reason for using insecure methods for file sharing was familiarity and ease-of-use, which was cited by 51% of the respondents. Other popular reasons cited included the need to share large files (46%) and the ease of accessing work documents remotely (43%).
“Employees today are getting savvier and savvier about the tools available for personal use. If enterprises have any hope of enforcing secure tools and policies at work -- those solutions must be simple to use and easily integrate into the daily routines of those handling sensitive data,” James Bindseil, president and CEO of GlobalSCAPE, said in the report.