Opening documents in third-party apps: Millennials are twice as likely to use their own phones and tablets for work and while working on the go is great, opening sensitive data in mobile apps such as QuickOffice, Dropbox or Evernote isn't great for your corporate data security.
"We define our VPN policies such that employees can connect remotely but get access to sensitive data/reports only through tradeMONSTER authorized devices. However, for emails etc., we make sure sensitive documents are kept in a shared location that is access controlled," says Sahoo.
"Opening documents in third-party applications presents some unique challenges related to putting corporate data at risk. The first risk is sharing data with third parties, including applications like Facebook, Twitter, Evernote and Dropbox. While employees may naturally use caution when forwarding emails, the 'Open In' functionality is much less obvious and they may be leaking data using 'Open In' unintentionally. A second dimension exists on the Android platform, where there is an increasing possibility that malware will play a role. Applications that impersonate trusted applications could be the recipient of confidential data when users open documents using the impostor," says Fiberlink's Lingenfelter.
Sending company data over personal email addresses: Eighty-four percent of respondents reported sending sensitive data via their personal email addresses. "Many times programmers view several security policies such as not being able to use personal email addresses, USB drives, etc. as a hindrance to their productivity. Transitioning them to a risk-aware culture, keeping morale high while keeping them motivated and creative is one of the toughest challenges a CIO can face," says Sahoo.
Using File Transfer apps: You've got to send a coworker a file that's 40 megabytes but you keep getting an error on your mail program saying the file is too large. That's a typical scenario that could find employees circumventing policy to get the job done.
USB thumb drives, smartphones and tablets: In a recent survey by Symantec, 62 percent of respondents said that it was acceptable to transfer work documents to personal computers, tablets or smartphones. The majority of these files, according to Symantec, are never deleted because employees don't understand the risks involved with keeping them.
Research from Fiberlink sheds some additional (and troubling) light. Fifty-one percent 51 percent of employed U.S. adults surveyed who have personal smartphones/tablets use these mobile devices for work-related purposes and a third of those who responded said that they have lost a USB drive with confidential information on it.
Data and IP Theft: Symantec's survey revealed that half of employees who either left their position or lost their job in the last 12 months kept confidential company data to use with their next employer or business. In a recent article Robert Hamilton, director of product marketing at Symantec said, "Trusted employees are moving, sharing and exposing sensitive data in order to do their daily jobs. In other instances, they are deliberately taking confidential information to use with their next employer."
Sign up for CIO Asia eNewsletters.