Somewhere along the line, most companies have the impression that when it comes to security and compliance, the IT organizations should be setting an example for the rest of the company.
That's why a survey of 130 IT executives conducted by Ipswitch during the recent InfoSecurity Europe 2010 conference is so troubling. The survey found that 40 percent of the IT professionals admitted that they send sensitive company information on insecure personal e-mail systems. Two-thirds of those respondents said they do it at least once a month; and 34 percent said they do it daily.
Now 62 percent of the IT professionals said their companies have compliance regulations in place to forbid this kind of activity, but at the same time, 72 percent said their company has no visibility into the types of files moving across the network.
Just like other workers, IT professionals are skirting compliance regulations mostly because of the file-size limitations of their corporate mail systems. But rather than turn a blind eye to this activity, Hugh Garber, product marketing manager for Ipswitch, argues that more companies need to sanction the implementation of a secure managed file-transfer service, instead of leaving employees to their own devices.
Major security breaches, along with violations of any number of compliance regulations, take place daily. But if the IT department isn't following the rules, why should anybody else follow them?