This article appears courtesy of www.cioupdate.com

Employees are reading, emailing, texting and copying company files around the clock every day, putting customers' personal information, their jobs and their employers' reputations at risk in ways that were unimaginable just two or three years ago.  And now the onus is on the CIO and his or her IT security team to put the toothpaste back in the tube at a time when most employees have multiple personal email accounts, smartphones with more computing power than some desktops in their office, and  portable media devices and drives capable of downloading years' worth of sensitive financial information.

That sums up the findings of a new study proffered by Ipswitch, a provider of network and file transfer monitoring software.

According to Ipswitch, 40 percent of attendees surveyed at this year's InfoSecurity Europe conference said they routinely violated their companies' security and compliance rules by sending confidential information through their personal email accounts.

Worse, they said they did it specifically to eliminate any chance of an electronic trail being left on their companies' data networks and security tracking software.

"Employees will almost always take the path of least resistance, even if that unintentionally means violating company policies and breaking security protocols," Frank Kenney, Ipswitch's vice president of global strategy, said in the report.  "Businesses need complete visibility into the files that are moving internally and externally company-wide, with a file transfer approach that makes it fast and easy for employees to securely exchange information with customers, partners and colleagues."   

Unsaid in the report is the fact that enterprises are put in the precarious position of increasingly relying on employees to use smartphones, instant messaging, social networks and new media devices to do their jobs efficiently — even though they lack  the security technology and staff to properly manage and monitor all these applications and devices.

Ipswitch security researchers said that 69 percent of respondents said they send classified information including payroll, customer data and corporate financial data through their personal email account at least once a month. And 34 percent said they do it every day.

The security implications of this laissezfaire attitude hit home in a big way in March for HSBC, one of the world's largest private banks.

After downplaying what was first described as a minor security issue, the London-based bank finally had to admit that an employee stole the account information of more than 24,000 clients and then tried to sell them to competing banks in Lebanon before finally turning them over to French tax authorities.

"We deeply regret the situation and unreservedly apologise to our clients for this threat to their privacy," Alexandre Zeller, CEO of HSBC Private Bank in Switzerland, said at the time.

It doesn't help that consumers have been conditioned to expect more storage, clarity, functionality and speed from device and application developers. To this end, Microsoft recently rolled out "exFat" technology, short for Extended File Allocation Table, that enables flash memory cards, smartphones and cameras to handle orders of magnitude more memory than previous file systems.

While most companies (62 percent) have file-sharing policies and rules in place, most companies lack the resources or file-transfer monitoring tools in place to enforce them. In fact, 72 percent of respondents said their companies lack any meaningful visibility into files moving both within the company and to and from out-side email accounts and websites.

"With thousands of gigabytes of information moving in and out of companies every month, executives need visibility into who's sending, receiving, and forwarding business-critical documents for security and compliance purposes," Kenny said.

"It's far too easy for information to get into the wrong hands, evident by hundreds of data breaches in the first half of this year alone, and unless companies communicate and enforce file-transfer policies, with total visibility and company-wide management, their risk of a breach will continue to rise."

"It's far too easy for information to get into the wrong hands, evident by hundreds of data breaches in the first half of this year alone, and unless companies communicate and enforce file-transfer policies, with total visibility and company-wide management, their risk of a breach will continue to rise."

—Larry Barrett is a senior editor at Inter-netNews.com, the news service of Internet.com, the network for technology professionals. This feature was first published on http://www.cioupdate.com./

To see more articles regarding IT management best practices, please visit www.cioupdate.com.