Unmonitored FTP usage is putting confidential data at risk, according to a new study.
FTP technology, which allows users to transfer files between two computers over the internet, carries with it an extraordinary security risk. All transmissions via FTP are delivered in clear text, so user names, passwords, commands and data can be easily intercepted and read. Files transferred via FTP are uploaded or downloaded without any encryption at all.
According to a nationwide survey of 500 public sector IT workers, 61% do not monitor FTP usage whatsoever, despite 76% having concerns about the current security of file transfers. With roughly 6.195 million people working in the public sector and 506,000 people working in the civil service alone and transferring files every day, the current FTP set-up represents an unacceptable risk to civilian and public sector data.
Public sector workers are already finding it difficult to send and receive large files due to mailbox restrictions. With 89% of workers unable to send or receive emails in excess of 15 MB, its cited by many as a driver to use FTP sites for larger file transfers.
The issue of cyber-threats has garnered significant media attention, but it’s important that the public sector remembers its basic responsibility to protect Government files by building on the good foundation that some Departments have already laid. Eradicating FTP has to be a priority.
As the Government looks to inject £650m into cyber security defences as part of Strategic Defence and Security Review, we need to remember that a strong defence is the best offence and we certainly need to be on the offensive against this ever increasing threat.
Although the public sector is facing cuts and efficiency measures, ignoring the issue of FTP of for file transfers is a false economy, especially in light of recent ICO fines.
By investing in the right technology to help public sector IT managers to handle both interactive, user-driven communications and automated file transfer over the internet and private IP networks, they could save money and time by consolidating disparate systems and replacing costly VANs and VPN connections – with good governance tools it would also simplify their compliance with government policies and regulations.