Understanding the Dangers of Workarounds
Understanding the dangers of workarounds
Before discussing how to reduce security risks associated with e-mail attachments, let's look at some common IT workarounds which employees often turn to when enterprise-level solutions are not available. Although the dangers associated with these workarounds may seem obvious, recent actions from the FTC, Department of Defense and high-profile data breaches illustrate additional education is necessary.
To alleviate the impact that growing file sizes have on e-mail networks, the common response is to place a limit on the size of messages sent and received. With Microsoft best practices limiting e-mail attachments to a mere 10MB, employees are often left to find other creative (but often unsecure) ways to send large file attachments.
Simple to use and relatively inexpensive, thumb drives, DVDs and CDs are common vehicles for transferring large amounts of data. However, these highly-portable devices quickly turn into a security nightmare when placed in the wrong hands. Although advances are being made that allow encryption of thumb drives, more work needs to be done before this method is ready for mass use. Additionally, the inability to monitor what information is copied onto devices and track where the devices go after leaving an enterprise makes achieving compliance impossible.
Using P2P in the workplace
The use of P2P in the workplace often happens with the best of intentions. Typically installed to exchange music files with friends, P2P can become an appealing IT workaround for an employee who discovers the proposal they need to send is too large to share over a company e-mail network. FTC Chairman Jon Leibowitz has recently stated that, unfortunately, "companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers' sensitive information such as health-related information, financial records, driver's license and social security numbers at risk for identity theft."Dedicated FTP servers installed to overcome size limitations come with their own set of problems. In addition to being too technical for the average user, shared account names, passwords and files left indefinitely on unsecure FTP servers present a weak link in an organization's data security programs.