Subject: A survey conducted by VaporStream indicates despite the well-publicized risks email presents to enterprises, employees still misuse email and companies are failing to successfully implement acceptable-use policies. As noted by VaporStream CEO, Jack Hembrough: “As we approach the 40th anniversary of the first Arpanet email – the progenitor to today’s email –enterprises still have not cracked the code on eliminating the legal and security risks from employee misuse. It’s clear technology and education is not having the desired effect and is no match for email’s inherent vulnerabilities. As a result, employees continue to violate regulations and leak sensitive information via email, and enterprises continue to suffer the consequences.”
Date: April 25, 2011
In a study of how professionals use, and companies manage, email - particularly the handling of private and confidential information - confidential messaging service provider VaporStream found that employees remain a major source of risk to employers and themselves. According to findings, 73.7 percent of respondents from larger companies (100+ employees) admitted to compliance violations via email. Furthermore, when asked “Does your company have an acceptable-use email policy?”, 42.7 percent answered “No” or “Unsure.” Such misuse and widespread lack of awareness were just two of many indicators showing that enterprises are not effectively mitigating email risk.
Personal & Professional Exposure: Survey results show employees not only misuse email, they fail to recognize it can be monitored or that they might be violating acceptable-use policies. This puts both employees and employers at significant business, legal, regulatory and security risk.
When asked “Does your company monitor or archive email?”, 46.5 percent answered “No” or “Unsure.”
When asked “Have you ever used your work email to send or receive private and confidential information that was unrelated to your job?”, nearly 50 percent answered “Yes.”
Post Control Angst & Anxiety: As the survey shows, the inherent lack of control over email once it has been delivered poses a wide variety of problems for, and anxiety amongst, employees.
When asked “Have you ever been in an uncomfortable situation because an email of yours was forwarded to someone whom you did not intend to view it?”, 45.3 percent answered “Yes.”
Nearly 50 percent answered “Yes” when asked “Have you ever worried about what might happen to emails after you send them and feel like you don’t have control?”
When asked “Has an email you sent ever haunted you (been brought up, referenced, circulated around the office?”, more than 1 out of every 5 answered “Yes.”
Human Error & Email: Nearly 3 out of 4 respondents answered “Yes” when asked “Have you ever sent private and confidential business information via email?” While fairly standard practice, the survey shows email and human error go hand-in-hand, and sensitive information often ends up being viewed by the wrong people.
When asked “Have you ever accidentally leaked private and confidential business information via email?”, nearly 1 out of every 10 respondents answered “Yes.”
When asked “Have you ever hit reply all instead of reply when responding to an email on your computer, tablet or smartphone?”, nearly 60 percent answered “Yes.”
Potential for Costly Violations: Regulatory compliance infractions hold serious repercussions – ranging from fines to irreparably damaged reputations – particularly for companies in areas such as finance and healthcare. Survey results show that corporate leaders have good reason to be concerned.
When asked “Have your or any member of your organization ever sent information via email that was in violation of regulatory compliance?”, nearly 25 percent answered “Yes, accidentally” or “Yes, intentionally.”
When asked “Have your or any member of your organization ever sent information via email that was in violation of regulatory compliance?”, an alarming 73.7 percent of those from larger companies (100+ employees) admitted having done so, with 45.7 percent answering “Yes, accidentally” and 28 percent answering “Yes, intentionally.”
Email’s Other Threats: Private and confidential email that has been printed out can be left on a printer, at an airport lounge or trade show booth, and mobile devices and laptops are often lost or stolen. As the survey shows, electronic distribution is not the only potential threat posed by email.
When asked “How often would you say your print out email?”, 81.7 percent answered “Occasionally” or “Often.”
More than 50 percent answered “Yes” when asked “Have you ever printed out email messages with private and confidential information?”
Nearly one-third of all respondents answered “Yes” when asked “Have your or any co workers ever lost or misplaced a smartphone, tablet or laptop containing business information?”
VaporStream CEO, Jack Hembrough, a longtime security industry veteran, is available for comment on the survey. Also available are independent cyber security and eDiscovery experts. To arrange interviews, please contact the Davies Murphy Group: Marty Querzoli, [email protected], (781) 418-2433; Sarah Otterstetter, [email protected], (781) 418-2416.