4/26/2011
05:08 PM
Dark Reading
Products and Releases

73.7% Admit Email Compliance Violations

Enterprises are not effectively mitigating email risk or educating employees on acceptable-use policies, according to VaporStream study

Subject: A survey conducted by VaporStream indicates that, despite the well-publicized risks email presents to enterprises, employees still misuse email and companies are failing to successfully implement acceptable-use policies. As noted by VaporStream CEO, Jack Hembrough: “As we approach the 40th anniversary of the first Arpanet email – the progenitor to today’s email – enterprises still have not cracked the code on eliminating the legal and security risks from employee misuse. It’s clear technology and education is not having the desired effect and is no match for email’s inherent vulnerabilities. As a result, employees continue to violate regulations and leak sensitive information via email, and enterprises continue to suffer the consequences.”

Date: April 25, 2011

In a study of how professionals use, and companies manage, email - particularly the handling of private and confidential information - confidential messaging service provider VaporStream found that employees remain a major source of risk to employers and themselves. According to findings, 73.7 percent of respondents from larger companies (100+ employees) admitted to compliance violations via email. Furthermore, when asked “Does your company have an acceptable-use email policy?”, 42.7 percent answered “No” or “Unsure.” Such misuse and widespread lack of awareness were just two of many indicators showing that enterprises are not effectively mitigating email risk.

Personal & Professional Exposure: Survey results show employees not only misuse email, they fail to recognize it can be monitored or that they might be violating acceptable-use policies. This puts both employees and employers at significant business, legal, regulatory and security risk.

  • When asked “Does your company monitor or archive email?”, 46.5 percent answered “No” or “Unsure.”

  • When asked “Have you ever used your work email to send or receive private and confidential information that was unrelated to your job?”, nearly 50 percent answered “Yes.”

Post Control Angst & Anxiety: As the survey shows, the inherent lack of control over email once it has been delivered poses a wide variety of problems for, and anxiety amongst, employees.

  • When asked “Have you ever been in an uncomfortable situation because an email of yours was forwarded to someone whom you did not intend to view it?”, 45.3 percent answered “Yes.”

  • Nearly 50 percent answered “Yes” when asked “Have you ever worried about what might happen to emails after you send them and feel like you don’t have control?”

  • When asked “Has an email you sent ever haunted you (been brought up, referenced, circulated around the office)?”, more than 1 out of every 5 answered “Yes.”

Human Error & Email: Nearly 3 out of 4 respondents answered “Yes” when asked “Have you ever sent private and confidential business information via email?” While fairly standard practice, the survey shows email and human error go hand-in-hand, and sensitive information often ends up being viewed by the wrong people.

  • When asked “Have you ever accidentally leaked private and confidential business information via email?”, nearly 1 out of every 10 respondents answered “Yes.”

  • When asked “Have you ever hit reply all instead of reply when responding to an email on your computer, tablet or smartphone?”, nearly 60 percent answered “Yes.”

Potential for Costly Violations: Regulatory compliance infractions hold serious repercussions – ranging from fines to irreparably damaged reputations – particularly for companies in areas such as finance and healthcare. Survey results show that corporate leaders have good reason to be concerned.

  • When asked “Have you or any member of your organization ever sent information via email that was in violation of regulatory compliance?”, nearly 25 percent answered “Yes, accidentally” or “Yes, intentionally.”

  • When asked “Have you or any member of your organization ever sent information via email that was in violation of regulatory compliance?”, an alarming 73.7 percent of those from larger companies (100+ employees) admitted having done so, with 45.7 percent answering “Yes, accidentally” and 28 percent answering “Yes, intentionally.”

Email’s Other Threats: Private and confidential email that has been printed out can be left on a printer, at an airport lounge or trade show booth, and mobile devices and laptops are often lost or stolen. As the survey shows, electronic distribution is not the only potential threat posed by email.

  • When asked “How often would you say you print out email?”, 81.7 percent answered “Occasionally” or “Often.”

  • More than 50 percent answered “Yes” when asked “Have you ever printed out email messages with private and confidential information?”

  • Nearly one-third of all respondents answered “Yes” when asked “Have you or any co-workers ever lost or misplaced a smartphone, tablet or laptop containing business information?”

VaporStream CEO, Jack Hembrough, a longtime security industry veteran, is available for comment on the survey. Also available are independent cyber security and eDiscovery experts. To arrange interviews, please contact the Davies Murphy Group: Marty Querzoli, [email protected], (781) 418-2433; Sarah Otterstetter, [email protected], (781) 418-2416.
