Recent studies have shown that e-mails are the main source of data leakage in companies. A survey conducted by the Ponemon Institute revealed, “Out of the 830 information technology, security and compliance professionals, more than half of the respondents said improper e-mail use by employees is the main cause of data leaks within the organization.
According to the survey, 69% believe that employees violate the company security rules by sending important information through insecure e-mail channels while 60% use webmail accounts to send company’s sensitive information. Around 63% believe that employees had sent confidential information by mistake to users who are not in the workplace. There is also big concern about data loss by using e-mails facilities on phones.
Reports have also shown that, data leaks are also due to employee’s habit of saving their e-mails in their inbox instead of saving it to 'appropriate data centers' or saving them locally. About 75% of company’s sensitive information is saved in e-mails or attachments. Organizations should ensure that employees do not break the security policies. Administrators should also see to it that their company has proper technology to safeguard their data from being leaked. During the survey only 42% were confident about their ability to safeguard their company’s data.
Highly regulated industries like health care and financial services face violation of agreement if they do not maintain e-mail encryption technology. State laws in Massachusetts and Nevada, Health insurance Portability and Accountability Act (HIPAA), and Sarbanese-Oxley legislation all have rules and regulations, which protect confidential information through e-mail.
Data leaks are also due to the ignorant behavior of the company. During the survey, 84% said that they were unaware of the kind of information to be encrypted. It was also observed that, out of those organizations using e-mail encryption, half of them were using products which were at least 4 years old. Senders and receivers of e-mails had their own reasons to not using e-mail encryption. 52% senders and 57% receivers said that e-mail encryption technology caused 'high level of frustration'.
To avoid data leakage from organizations, administrators should plan out effective security policies, which should be followed by every employee.