Copying documents out of Microsoft SharePoint to less secure media such as email and thumb drives is common among users of the collaboration platform, at least in the UK.
According to a survey of 100 users who attended a SharePoint conference in November, 45% have made such copies, with 18% saying they do it regularly, indicating a need for data-loss prevention.
Despite 92% saying they know that such actions make the documents less secure, they do it to share with others who don't have SharePoint access, to work on files at home or to edit them because SharePoint editing is too slow, according to the survey conducted by threat mitigation consultants Cryptzone. Some of that sharing may be due to the fact that 56% say that no third parties are allowed SharePoint access, despite business needs.
Of those who do violate security policy by removing documents from SharePoint, a third say they never thought about the security implications, 30% say they don't care if it helps get their jobs done and 23% say the documents in question aren't sensitive, the survey says.
About a third of respondents who know they are not meant to read some SharePoint documents do so anyway, with the most popular content being details about co-workers, salaries and merger and acquisition information, the survey says.
The authors of the survey recommend that businesses conduct their own investigations to discover the possible violations of security policy within their own organisations. They also recommend encrypting the most sensitive documents and making sure security controls follow the data wherever it moves.