UK employees continue to send physical documents despite knowing data loss risks

Published 17th December 2008

LONDON – (December 15th, 2008) – Axway and Tumbleweed Communications, which are currently integrating operations following their September merger, today released research findings that found that the majority of office workers would choose an alternative to email in order to send large and sensitive files. However, a quarter of UK businesses do not have any secure systems in place for file transfer, which highlights the extent to which businesses are putting themselves at risk of data breaches.

In a survey of 100 IT decision makers and 1,000 office workers by Axway and Tumbleweed, more than half of office workers (59%) would select a different delivery mechanism to the one they typically use when sending files (51% use email) if they suspected that the file they were sending contained sensitive information such as confidential financial, customer or employee data. End users that ‘burn a CD or tape and sent it via post or delivery service’ (72% of them) or ‘send a hard copy via post or delivery service’ (73% of them) were most likely to select a different delivery mechanism. This highlights that users are aware of the risks of physically transferring files but that they will continue using these methods if there is no secure alternative in place.

With ‘accidental’ data breaches on the rise where sensitive information is lost from physical media such as USB memory sticks, Axway and Tumbleweed urge UK businesses to implement managed file transfer systems to protect themselves from being exposed to embarrassing and costly security breaches. However, the survey revealed that a quarter of UK businesses (24%) leave their employees “to their own devices” for sending files. When files are too large to be sent via email, employees can “use CD, thumbdrives, tapes, online FTP services...whatever works for them” to transmit potentially confidential data.

Worryingly, only 33% of IT professionals were “very concerned” that people within their organisation might be transporting sensitive information on physical media (CD, USB, laptop, etc.). This highlights the laissez-faire attitude that businesses are adopting towards sensitive data and how to prevent it from falling in the wrong hands.

Dave Bennett CTO of Axway, said: “"With the problem of accidental data breaches reaching epidemic proportions in 2008, it is disconcerting that businesses in the UK are not taking the transfer of sensitive information seriously enough. Our survey shows that the majority of office workers are aware of the potential pitfalls of sending files via physical means and are willing to try alternative methods. The issue is that secure alternative methods are not there and as a result, business are putting themselves at risk of data breaches. As with any investment, it is important to see how the benefits will outweigh the initial cost and protecting customer and employee data, trade secrets and brand image should be reason enough.”

This week, Leeds City Council admitted it had lost the personal details of 5,000 nursery children that were stored on an unencrypted memory stick. This latest incident adds to a long list in 2008 of data breaches committed by UK government bodies and businesses. Axway and Tumbleweed believe that the best way to address these data transfer shortcomings is through Managed File Transfer (MFT) and Data Loss Prevention (DLP) technologies. Such solutions – which typically provide proof of delivery, full audit capabilities, and clear visibility into exactly what data was sent, when it was sent, who received it, and when it was received – should be standard operating procedure for organisations that handle sensitive and confidential data.