Unauthorized Data Sharing Puts Companies at Risk

According to a survey from data discovery and auditing software vendor Netwrix, companies are still facing the problem of inappropriate data sharing. Although most companies have designated secure storage areas for their data, research has found that many find it leaking into insecure areas.

One in four companie discovered data stored outside of designated secure locations in the past year, according to the vendor’s “2020 Data Risk & Security” report. It took quite some time for them to discover the stray data, with 23 per cent reporting that it lay undiscovered for weeks.

It appears that this data makes its way into insecure storage as a result of employees failing to follow data sharing policies if they even exist. The survey found that 30 per cent of systems administrators granted direct access to sensitive data based only on user reports. The results present themselves on audits and can lead to financial penalties. 54 per cent of companies that experienced data-sharing incidents ended up with non-compliance findings from audits.

The survey found that many companies fail to monitor user data access privileges. He reported that just over half of all organisations do not review these access privileges on a regular basis. This lack of visibility makes data track sharing difficult. Only half of all organisations in the survey are confident that employees are sharing data without knowledge of the IT department. 29 per cent of those cannot track employee data sharing at all, making it difficult to prove their claims.

The survey looked at all stages of the data life cycle, from creation to disposal, and found poor practices at the data-creation stage that have direct implications for other stages, such as data sharing. Almost two-thirds of the survey respondents said they were unable to confirm that they only collect the minimum amount of customer data required. Of those, 34 per cent are subject to GDPR, which limits the minimum amount of data they can collect. Companies that collect more customer data than required and fail to manage it properly later on compound their security risk.

The survey covered 1,045 IT professionals worldwide, with 48 per cent coming from North America, followed by 26 per cent from the EMEA region. Half of te companies had 1,000 or fewer.