Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:08 PM
Dark Reading
Dark Reading
Products and Releases

73.7% Admit Email Compliance Violations

Enterprises are not effectively mitigating email risk or educating employees on acceptable-use policies, according to VaporStream study

Subject: A survey conducted by VaporStream indicates despite the well-publicized risks email presents to enterprises, employees still misuse email and companies are failing to successfully implement acceptable-use policies. As noted by VaporStream CEO, Jack Hembrough: “As we approach the 40th anniversary of the first Arpanet email – the progenitor to today’s email –enterprises still have not cracked the code on eliminating the legal and security risks from employee misuse. It’s clear technology and education is not having the desired effect and is no match for email’s inherent vulnerabilities. As a result, employees continue to violate regulations and leak sensitive information via email, and enterprises continue to suffer the consequences.”

Date: April 25, 2011

In a study of how professionals use, and companies manage, email - particularly the handling of private and confidential information - confidential messaging service provider VaporStream found that employees remain a major source of risk to employers and themselves. According to findings, 73.7 percent of respondents from larger companies (100+ employees) admitted to compliance violations via email. Furthermore, when asked “Does your company have an acceptable-use email policy?”, 42.7 percent answered “No” or “Unsure.” Such misuse and widespread lack of awareness were just two of many indicators showing that enterprises are not effectively mitigating email risk.

Personal & Professional Exposure: Survey results show employees not only misuse email, they fail to recognize it can be monitored or that they might be violating acceptable-use policies. This puts both employees and employers at significant business, legal, regulatory and security risk.

  • When asked “Does your company monitor or archive email?”, 46.5 percent answered “No” or “Unsure.”

  • When asked “Have you ever used your work email to send or receive private and confidential information that was unrelated to your job?”, nearly 50 percent answered “Yes.”

    Post Control Angst & Anxiety: As the survey shows, the inherent lack of control over email once it has been delivered poses a wide variety of problems for, and anxiety amongst, employees.

  • When asked “Have you ever been in an uncomfortable situation because an email of yours was forwarded to someone whom you did not intend to view it?”, 45.3 percent answered “Yes.”

  • Nearly 50 percent answered “Yes” when asked “Have you ever worried about what might happen to emails after you send them and feel like you don’t have control?”

  • When asked “Has an email you sent ever haunted you (been brought up, referenced, circulated around the office?”, more than 1 out of every 5 answered “Yes.”

    Human Error & Email: Nearly 3 out of 4 respondents answered “Yes” when asked “Have you ever sent private and confidential business information via email?” While fairly standard practice, the survey shows email and human error go hand-in-hand, and sensitive information often ends up being viewed by the wrong people.

  • When asked “Have you ever accidentally leaked private and confidential business information via email?”, nearly 1 out of every 10 respondents answered “Yes.”

  • When asked “Have you ever hit reply all instead of reply when responding to an email on your computer, tablet or smartphone?”, nearly 60 percent answered “Yes.”

    Potential for Costly Violations: Regulatory compliance infractions hold serious repercussions – ranging from fines to irreparably damaged reputations – particularly for companies in areas such as finance and healthcare. Survey results show that corporate leaders have good reason to be concerned.

  • When asked “Have your or any member of your organization ever sent information via email that was in violation of regulatory compliance?”, nearly 25 percent answered “Yes, accidentally” or “Yes, intentionally.”

  • When asked “Have your or any member of your organization ever sent information via email that was in violation of regulatory compliance?”, an alarming 73.7 percent of those from larger companies (100+ employees) admitted having done so, with 45.7 percent answering “Yes, accidentally” and 28 percent answering “Yes, intentionally.”

    Email’s Other Threats: Private and confidential email that has been printed out can be left on a printer, at an airport lounge or trade show booth, and mobile devices and laptops are often lost or stolen. As the survey shows, electronic distribution is not the only potential threat posed by email.

  • When asked “How often would you say your print out email?”, 81.7 percent answered “Occasionally” or “Often.”

  • More than 50 percent answered “Yes” when asked “Have you ever printed out email messages with private and confidential information?”

  • Nearly one-third of all respondents answered “Yes” when asked “Have your or any co workers ever lost or misplaced a smartphone, tablet or laptop containing business information?”

    VaporStream CEO, Jack Hembrough, a longtime security industry veteran, is available for comment on the survey. Also available are independent cyber security and eDiscovery experts. To arrange interviews, please contact the Davies Murphy Group: Marty Querzoli, [email protected], (781) 418-2433; Sarah Otterstetter, [email protected], (781) 418-2416.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Manchester United Suffers Cyberattack
    Dark Reading Staff 11/23/2020
    As 'Anywhere Work' Evolves, Security Will Be Key Challenge
    Robert Lemos, Contributing Writer,  11/23/2020
    Cloud Security Startup Lightspin Emerges From Stealth
    Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Write a Caption, Win an Amazon Gift Card! Click Here
    Latest Comment: This comment is waiting for review by our moderators.
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-11-28
    In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is ...
    PUBLISHED: 2020-11-27
    blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
    PUBLISHED: 2020-11-27
    npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
    PUBLISHED: 2020-11-27
    In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
    PUBLISHED: 2020-11-27
    In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.