We often hear about the external threats to the security of important company information. What about the dangers within? An ignorant or careless employee can do as much damage to your business as any skilled hacker. It’s like the difference between someone breaking into your home and stealing a priceless baseball card and your child innocently taking it to school to trade with a friend. The loss is the same, but one was the result of unfortunate circumstance whereas the other resulted from a lack of communication. The same is happening in companies the world over as executives neglect to impress upon their employees the importance of protecting company data, especially when that data is clients’ personal information.
For example, security vendor Cryptzone surveyed 100 SharePoint users at a November 2011 SharePoint Saturday conference and discovered that 30% of them would risk removing company information from SharePoint, even if doing so would make the information less secure, in order to “get their jobs done.” Given how much everyone talks about the importance of productivity, this response isn’t a huge surprise. Business leaders themselves convey to their employees that productivity trumps all, not security. Whether this is the message business leaders intend to send or not, it’s the one that many employees are receiving.
More disturbing is the fact that 45% of respondents admitted that they regularly copied sensitive or confidential information from SharePoint and saved it to their computer hard drives, USB drives or emailed it to someone else. Clearly, employees are either unclear about or unaware of their companies’ policies on such matters, or their companies have no such policies for them to follow. One contributing factor to employees’ ability to copy and email sensitive information is the fact that SharePoint end users too often have access to more data than they should.
So, who’s responsible for securing SharePoint? IT departments in most cases. But nearly one-fourth of those who responded to Cryptzone’s survey had no idea.
Such alarming statistics indicate that business leaders and their IT teams have their work cut out for them. Companies that don’t already have security policies established might want to consider establishing some sooner rather than later. Those that already have data security policies might want to consider making their employees aware of them and training them on how to make adhering to these policies part of their daily routines.
Another thing business leaders might want to consider is preventing anyone from copying information without first getting approval from someone else. This would reduce the likelihood of a disgruntled or newly fired employee absconding with valuable client lists or intellectual property.
Although storing data in the cloud is safer than filing documents away in a file cabinet, if company leaders don’t establish protections that limit employees’ access to certain files and teach them how to adhere to established data security policies, they’re, in effect, playing with fire. These additional protections are the perfect complement to the security measures that many business leaders already take to protect their businesses from external threats.
Are you looking for the best SharePoint security consultants for your business? Give us a call and one of our SharePoint specialists will be able to support you.