FTP Security FAIL

happygeek 0 Tallied Votes 333 Views Share

One third of businesses totally fail to encrypt their sensitive data transfers. That's the conclusion of a new survey into file transfer security which noted the huge disparities in attitudes towards data security in general and data security during transfer. According to the 2009 File Transfer Security Survey undertaken by managed file transfer solutions developer Ipswitch, while some 82% of organisations engage in the exchange of sensitive data only 64% actually encrypt that data either when it is at rest or being transferred.

Within the engineering and heavy industry sectors only 54% of respondents reported encrypting sensitive data as part of their secure data transfer strategy, whereas when it came to health, education and government services the numbers improved to 69%. Perhaps unsurprisingly, the IT sector did better with 70% of respondents encrypting data, but not as good as professional services on 74% or the big daddy of secure data transfer which was financial services on 77.5% - although this is largely down to the presence of explicit and demanding regulations to ensure financial data is safe.

Based upon responses from more than 300 businesses ranging from media organisations, law and accountancy firms through to national and local government, schools, hospitals banks, consultants and retailers, other key findings of the report included:

  • 22% of businesses in financial services do not encrypt data transfers
  • 16% are still not confident that their arrangement for transferring large files is secure
  • Over a third of respondents cite secure file transfer as a ‘high priority’, 24% see it as a ‘low priority’, and a third regard price as the most important criterion when implementing it

Despite increasingly stringent regulation, including new rules for data protection and handling of financial data, only 6% recognise that this has presented short term implementation deadlines, whilst 49% either believe no improvements to secure transfer infrastructure are needed, or have placed improvements on hold

Referring to a record £3.3 million fine handed down by the FSA, this month, to a major financial institution, for the loss of unencrypted data, Ipswitch Vice President, Jonathan Lampe, says "we know that even big banks still fail to encrypt all transfers of sensitive financial data, we commissioned this report to examine failings in the transfer of sensitive data across all business sectors, and we are still seeing a persistent minority failing to deal with sensitive data in a secure or compliant manner."