‘Generation Gmail’ Threatens Corporate Data Security

People under the age of 25 send work-related emails from their personal accounts and leak company information

A new generation of social media savvy employees is reportedly putting businesses at risk, displaying a blasé attitude to corporate intellectual property flowing outside the organisation and being stored on public servers.

According to research by email management firm Mimecast, the emerging group of young workers – which it dubs ‘Generation Gmail’ – is becoming increasingly frustrated by the restrictions imposed on their business email accounts, prompting them to create ‘workarounds’ which put corporate data at risk.

“With social networks and personal email a ubiquitous part of their life, the way email is used by this demographic is bleeding into the workplace. So it is not surprising that expectations for workplace technology are shifting accordingly,” said Nathaniel Borenstein, chief scientist at Mimecast. “The results find workers frustrated with corporate restrictions and working around these using personal email accounts in order not to affect their productivity or flexibility.”

Corporate email not adequate

The study found that 85 percent of under 25s send work-related emails or documents to or from personal email accounts. This is largely due to a sense of frustration with traditional workplace tools and regulations. Over half of under 25s said that if they had an unlimited work mailbox they would be less likely to send work emails to personal accounts, the report claims.

Of those surveyed in the age group, 52 percent rated their personal email account more highly than their work email in terms of mailbox size, compared to just 29 percent of over 55s.

Meanwhile, more than a third (36 percent) of incoming emails to work inboxes are non-work related, according to Mimecast. The average employee under 25 also reportedly sends around three emails a week containing corporate IP and potentially sensitive information outside of their corporate environment.

“Employees increasingly mix and match technologies, using devices and platforms interchangeably to find workarounds that maximise their flexibility and productivity,” said Borenstein. “Employers need to work out what they are going to do in the face of this cultural shift.”

The insider threat

However, email governance is just one of the problems that businesses need to consider when protecting their intellectual property and sensitive information. As Sophos senior technology consultant Graham Cluley told eWEEK Europe last year, the main cause of security breaches is still human error, and the ‘insider threat‘ comes in many forms.

Research by Imperva released in November reveals that 70 percent of employees plan to steal confidential data when leaving their job, with intellectual property and customer records topping the list. Imperva blames the lack of data protection policies within UK companies, claiming that most organisations do not have a policy to remove stored data from employees’ laptops upon departure.

“It seems most employees have no deliberate intention to cause the company any damage,” said Imperva CTO Amichai Shulman. “Rather, this survey indicates that most individuals leaving their jobs suddenly believe that they had rightful ownership to that data just by virtue of their corporate tenure.”

Meanwhile, the Information Commissioner’s Office (ICO) has been cracking down on data breaches over the last year. Ealing and Hounslow councils were slapped with stiff financial penalties earlier this month, after losing laptops that contained sensitive personal data. The ICO has the power to impose fines of up to half a million pounds.