A majority of companies could be exposing confidential and sensitive business information through metadata contained in documents shared online and through mobile devices, according to a recent study.
Even though 94 per cent of IT professionals and workers recognize that some company documents have more commercial value that other, only one in five of people are using secure methods in sharing those documents with co-workers, partners and clients, according to a global survey of 800 knowledge workers by United Kingdom-based secure file sharing and collaboration apps company Workshare.
According to Workshare, companies are putting their data at risks of falling into the wrong hands by failing to provide their employees with tools that detect and remove metadata from files they transmit and share with other people through computer and mobile devices.
Metadata is often called “data about data”.
Traditionally metadata is found in card catalogue or libraries. With the increasing use of digital technologies, metadata has been used to describe contents and context of data file. For instance, a digital document could contain, category names, citations such as titles, sources and access date.
Metadata can include hidden sensitive information in Excel, comments or track changes left in Word, and notes left in PowerPoint.
“Businesses must regain control and stem the flow of highly confidential information leaving the enterprise,” said Anthony Foy, CEO at Workshare.
Workshare offers a tool that enables the owner of a document to automatically and selectively remove metadata from a document. As the document is attached to an email, the tool notifies the use of all hidden metadata and provides the user with several options on how to deal with it including converting the file to PDF, sending the document via secure link or leaving the metadata in, said Dave Ewart, senior director of product marketing at Workshare.
As more of workers bring their own mobile devices and applications into the workplace, corporate data is increasingly being shared in methods, not sanction by corporate IT departments.
“This sharing behaviour leads to increasing levels of commercial and compliance risk as data leave the confines of the corporate network without the control of IT groups,” the report said.
Among the key findings of the survey were:
- 65 per cent of employees believe it’s their responsibility to ensure that sensitive company information is not leaked
- Only 32 per cent of knowledge workers always clean files of hidden sensitive data before sharing
- 70 per cent of those who forward emails with attachments without reading them first do not remove sensitive data before sending
- 80 per cent of employees use unsecure file sharing methods, putting corporate data at risk
While 62 per cent of organizations do not allow workers to use their own apps and devices for work, as many as 39 per cent of workers surveyed still do so. Of those that bring their own devices and apps to work, 30 per cent do so without the knowledge of their respective IT departments.
Only 10 per cent of the respondents are aware of what metadata is, but they still do not remove it from the documents they share. About 32 per cent remove metadata, “only if they deem the content itself to be sensitive and confidential.”
Only four per cent of respondents said they usually remove metadata but don’t or do not have the capability to do so when sharing from a mobile device.
Also alarming is that 79 per cent of respondents cannot control how long recipients of their messages have access to the content of the message that was transmitted.
“This means that once shared, recipients can keep the shared content for an unidentified period of time, with the owner having no way of restricting or rescinding access and no visibility over how that content is used or shared,” the report said.