4/26/2011
05:08 PM
Dark Reading
Products and Releases

73.7% Admit Email Compliance Violations

Enterprises are not effectively mitigating email risk or educating employees on acceptable-use policies, according to VaporStream study

Subject: A survey conducted by VaporStream indicates that, despite the well-publicized risks email presents to enterprises, employees still misuse email and companies are failing to successfully implement acceptable-use policies. As noted by VaporStream CEO Jack Hembrough: “As we approach the 40th anniversary of the first Arpanet email – the progenitor to today’s email – enterprises still have not cracked the code on eliminating the legal and security risks from employee misuse. It’s clear technology and education are not having the desired effect and are no match for email’s inherent vulnerabilities. As a result, employees continue to violate regulations and leak sensitive information via email, and enterprises continue to suffer the consequences.”

Date: April 25, 2011

In a study of how professionals use, and companies manage, email - particularly the handling of private and confidential information - confidential messaging service provider VaporStream found that employees remain a major source of risk to employers and themselves. According to findings, 73.7 percent of respondents from larger companies (100+ employees) admitted to compliance violations via email. Furthermore, when asked “Does your company have an acceptable-use email policy?”, 42.7 percent answered “No” or “Unsure.” Such misuse and widespread lack of awareness were just two of many indicators showing that enterprises are not effectively mitigating email risk.

Personal & Professional Exposure: Survey results show employees not only misuse email, they fail to recognize it can be monitored or that they might be violating acceptable-use policies. This puts both employees and employers at significant business, legal, regulatory and security risk.

  • When asked “Does your company monitor or archive email?”, 46.5 percent answered “No” or “Unsure.”

  • When asked “Have you ever used your work email to send or receive private and confidential information that was unrelated to your job?”, nearly 50 percent answered “Yes.”

Post Control Angst & Anxiety: As the survey shows, the inherent lack of control over email once it has been delivered poses a wide variety of problems for, and anxiety amongst, employees.

  • When asked “Have you ever been in an uncomfortable situation because an email of yours was forwarded to someone whom you did not intend to view it?”, 45.3 percent answered “Yes.”

  • Nearly 50 percent answered “Yes” when asked “Have you ever worried about what might happen to emails after you send them and feel like you don’t have control?”

  • When asked “Has an email you sent ever haunted you (been brought up, referenced, circulated around the office)?”, more than 1 out of every 5 answered “Yes.”

Human Error & Email: Nearly 3 out of 4 respondents answered “Yes” when asked “Have you ever sent private and confidential business information via email?” While fairly standard practice, the survey shows email and human error go hand-in-hand, and sensitive information often ends up being viewed by the wrong people.

  • When asked “Have you ever accidentally leaked private and confidential business information via email?”, nearly 1 out of every 10 respondents answered “Yes.”

  • When asked “Have you ever hit reply all instead of reply when responding to an email on your computer, tablet or smartphone?”, nearly 60 percent answered “Yes.”

Potential for Costly Violations: Regulatory compliance infractions hold serious repercussions – ranging from fines to irreparably damaged reputations – particularly for companies in areas such as finance and healthcare. Survey results show that corporate leaders have good reason to be concerned.

  • When asked “Have you or any member of your organization ever sent information via email that was in violation of regulatory compliance?”, nearly 25 percent answered “Yes, accidentally” or “Yes, intentionally.”

  • When asked “Have you or any member of your organization ever sent information via email that was in violation of regulatory compliance?”, an alarming 73.7 percent of those from larger companies (100+ employees) admitted having done so, with 45.7 percent answering “Yes, accidentally” and 28 percent answering “Yes, intentionally.”

Email’s Other Threats: Private and confidential email that has been printed out can be left on a printer, at an airport lounge or trade show booth, and mobile devices and laptops are often lost or stolen. As the survey shows, electronic distribution is not the only potential threat posed by email.

  • When asked “How often would you say you print out email?”, 81.7 percent answered “Occasionally” or “Often.”

  • More than 50 percent answered “Yes” when asked “Have you ever printed out email messages with private and confidential information?”

  • Nearly one-third of all respondents answered “Yes” when asked “Have you or any co-workers ever lost or misplaced a smartphone, tablet or laptop containing business information?”

VaporStream CEO, Jack Hembrough, a longtime security industry veteran, is available for comment on the survey. Also available are independent cyber security and eDiscovery experts. To arrange interviews, please contact the Davies Murphy Group: Marty Querzoli, [email protected], (781) 418-2433; Sarah Otterstetter, [email protected], (781) 418-2416.
