A new survey has revealed that employees regularly share sensitive company data via cloud-based applications such as Dropbox, Gmail or Facebook, offering hackers easy access to information which could be negatively exploited.
The survey, conducted by web security company Blue Coat and market research firm YouGov, looked into attitudes toward cloud sharing of 3,130 workers in various industries in the UK, Germany and France.
They found that 49 per cent of British employees regularly use cloud-based apps to share data either with their colleagues, customers or suppliers, or to access them from home or when travelling.
“It could be marketing data, such as presentations or advertising material, financial data, including credit card numbers or banking information or even IT data such as passwords and credentials,” explained Robert Arandjelovic, Blue Coat’s Director of Security Strategy, EMEA.
“Once the data leaves the company’s secured networks, the company has no control over it, but is risking huge liabilities because such data is frequently protected by privacy laws, especially in Europe.”
It’s not only the employee or the person with whom he or she shared the data who could potentially misuse the information. Cloud-based applications, protected only by user-selected passwords, can easily be hacked.
“This is especially a problem if the leaked data is IT data. The stolen credentials can subsequently be used in another attack designed to steal other types of information.”
In a similar way to Facebook CEO Mark Zuckerberg, whose social media accounts have been hacked earlier this week, many workers reuse their passwords multiple times, frequently to protect their professional as well as their private cloud-based accounts.
The password, which the hackers used to gain control over Zuckerberg’s Twitter and Pinterest account, was found in the recent LinkedIn data dump.
As the Blue Coat survey revealed, workers in higher executive positions who have more responsibilities tend to use cloud-based services more often than those lower on the corporate ladder. It can be assumed that the data these people share could therefore cause more damage when leaked.
The workers most likely to share sensitive data via cloud-based services are IT workers (76 per cent), followed by employees of HR (69 per cent) and financial (59 per cent) departments.
The problem, Arandjelovic said, is that most companies are either unaware or unconcerned about these types of behaviours and the associated risks, with no policies or security systems in place to control what happens with the data.
“It’s not about completely preventing people from using cloud-based applications because they really do have many advantages,” said Arandjelovic. “But you need to be able to have an extra layer of security. To either make sure that no data leaves the company’s systems in an unencrypted form or only allow sharing via certain apps that the company’s IT department considers safe.”
Blue Coat is developing security systems that can serve as a membrane between the companies’ networks and the Internet, while being completely invisible to the employees.
“They are going to the internet and they are accessing a cloud service and all the security that the organisation needs is being applied in a way that keeps everybody safe and makes sure that they get all the benefits of the cloud app but at the same time all the security requirements are met,” said Arandjelovic.
“We first have visibility to know when sensitive data is moving but also there are means to stop the employees from sharing sensitive data, if it is for example a cloud application that’s too risky. Or you can add on a layer, you can use encryption or tokenisation that adds security on top of the existing application."
Blue Coat says the problem is bound to get worse. The survey revealed younger generations are more keen on using cloud based apps for data sharing, which means once those younger people move to executive positions, more sensitive data would be at risk of getting into the hands of hackers.
Whilst being digital native allows the millennial generation to use computers and digital programs with unparalleled ease, there is no evidence that this generation would be more cautious when it comes choosing and reusing passwords.