LONDON – An independent survey commissioned by email management company Mimecast has revealed that an alarming 94% of companies are powerless to stop confidential information leaving their organisation by email.
The survey revealed that just 6% of respondents were confident anyone attempting to send confidential company information by email out of the organisation would be prevented from doing so.
The independent survey, conducted among a sample of 125 IT managers, revealed 32% of companies would not even be aware confidential information had been leaked so would be unable to take steps to minimise the damage or track down the source of the information. However, 62% would be able to retrospectively identify the email leak once the information had been sent, but confessed to being unable to prevent its disclosure.
James Blake, security expert at Mimecast, says: “The picture revealed by this survey points to fundamental security issues with protecting not only a company’s own data but also customer data such as patient records or credit card numbers.” He adds: “With the blurring of boundaries between company employees and external consultants, contractors, outsourcers and other third parties, it is now much more difficult to ensure the appropriate flow of information outside the organisation. Especially because the majority of employees are now knowledge workers with access to significant amounts of confidential data.”
“These figures do not surprise me,” says Bob Tarzey, security analyst at Quo Circa. “On the whole, employees are not sending stuff out maliciously, but through carelessness or lack of fore-thought. Education can help to some extent, but many employees are using communications tools all day, every day and mistakes will happen, so having checks in place makes sense. Affordability of available technology to tackle the problem is also a problem, as most businesses are unable to invest in the high end, on-premise data-leak prevention products that large business can, so the availability of on-demand services like those offered by Mimecast to achieve the same end is welcome, providing performance is not adversely affected.”
The week on Risk.net, December 2–8, 2017Receive this by email