Email Fingered As Main Source Of Data Leaks

A recent Ponemon Institute report has blamed email systems as the main source of data leakage within an organisation.

In a survey of 830 information technology, security and compliance professionals, more than half of the respondents said improper email use by employees is the main cause of data leaks within the organisation, the Ponemon Institute said 20 September.

The study, sponsored by email encryption vendor Zix, looked at the risk to confidential information transmitted by email.

Insecure Email

Approximately 69 percent said employees have violated security policies and frequently send sensitive information through insecure email channels, and 60 percent use personal Webmail accounts to send corporate information, the survey found. About 63 percent believe employees mistakenly send confidential information to recipients outside the workplace.

In addition, 70 percent of the compliance and security professionals surveyed are concerned about data lost via email on mobile devices.

Email is “such a significant tool that employees are inclined to circumvent policy and email sensitive information, so they can effectively perform their responsibilities in a timely manner,” said Larry Ponemon, chairman and founder of the Ponemon Institute.

The Ponemon Institute cited email usage figures from Osterman Research in the report, noting that 20 to 25 percent of emails contain attachments that make up 98 percent of the total volume of data sent via email. Instead of saving attachments locally or to “appropriate data storage centres,” employees often save them in email folders, effectively turning the inbox into a “personal storage centre,” Ponemon researchers wrote.

On average, 75 percent of an organisation’s intellectual property is in an email or an attachment, the researchers estimated.

While organisations should ensure employees aren’t sending sensitive data outside the company via email, the report noted other email-related risks.

Considering the amount of information stored on mail servers, a data breach could result in the theft of highly sensitive information. Mobile devices are also a cause for concern, as employees are increasingly checking email while outside of the office.

“Mobile security adds yet another layer of complexity for security and compliance professionals,” said Rick Spurr, CEO of Zix.

Administrators are also concerned about their abilities to manage the flow of sensitive data. Less than half, or 42 percent, feel they have adequate technology for securing sensitive email or attachments.

Compliance Impact

Organisations in highly regulated industries, such as financial services and health care, face possible compliance violations if they don’t have email encryption technology in place. The Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act, Sarbanes-Oxley legislation and state laws in Massachusetts and Nevada all have rules about protecting confidential information sent via email.

While regulatory compliance remains the biggest driver for deploying email encryption, 84 percent of survey respondents said they don’t know what information needs to be encrypted. Of the organisations without email encryption, more than half, or 67 percent, were unaware there are regulations governing how sensitive information should be sent over email, the survey found.

Organisations are often using older technology, which affects user satisfaction. More than half of the respondents are using email encryption products that are at least 4 years old. About 52 percent of the senders and 57 percent of receivers said email encryption products cause “high levels of frustration,” the report found.

The complexity of encryption is also higher for mobile devices. Only 31 percent of responders said they’d ever opened an encrypted email on a mobile device.

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Recent Posts

Amazon Drivers Risk Increasing Number Of Injuries

Study shows that nearly one in five Amazon delivery drivers suffered injuries in 2021- again…

16 mins ago

Nokia CEO Predicts 2030 Arrival For 6G, But Not On Smartphone

Nokia CEO Pekka Lundmark offers his predictions as to arrival of 6G connectivity in this…

4 hours ago

Mark Zuckerberg Sued By DC AG Over Cambridge Analytica Scandal

Four years later, and Washington DC Attorney General decides to sue Mark Zuckerberg personally over…

5 hours ago

Global Digital Tax Law Not Ready Until 2024, Says OECD

Corporation tax delay. Rollout of 15 percent tax agreement for big name corporations only likely…

10 hours ago

Silicon UK In Focus Podcast: The Future of SaaS

How has Saas become an essential component of a successful business? The importance of a…

10 hours ago