20 stories
today

Restrictive email policies creating hidden security risks for business

Second part of the Generation Gmail Report by Mimecast reveals that employers must provide flexibility for email users if they are to protect their corporate IP from leaking outside the organisation

London, UK – 9 March 2011 – Mimecast today announced the second instalment of its Generation Gmail Report; an international study investigating how attitudes to work email use are evolving and the differing ways in which employers are managing this core communication channel. The report indicates that IT departments are fighting a losing battle in seeking to constrain employees’ behaviour through policy alone. Findings suggest that a new approach is needed in order to empower employees while protecting corporate intellectual property and ensuring the business complies with the relevant regulations.

The research found that information workers want to be able to use email as flexibly in the workplace as they can in their personal lives. When they are unable to work in the way that they want using corporate technology, employees are willing to work around these issues by using their personal email accounts.

The study found that 79 per cent of people send work emails from their personal email accounts, with 1 in 5 saying they do this on a regular basis. Awareness of the security risks this poses does not seem to prevent this behaviour; 71 per cent of people questioned recognise that there is an additional risk in sending work documents outside the corporate email environment but 47 per cent still think it is acceptable to send work emails and documents to personal email accounts. The limitations imposed by corporate IT seem to be a major driver for this behaviour with 40 per cent of respondents saying that an unlimited work mailbox would make them less like to use their personal email account for work purposes.

However the research suggests that moving from a ‘controlling’ to an ‘empowering’ environment will not by itself be enough; a technological solution is also needed to ensure compliant email behaviour and reduce the need to ‘work around’ the limitations of corporate email.

Key findings for the report were:

– 66 per cent of employees state that email remains their favourite means of communication
– 40 per cent of those asked say that if they had an unlimited mailbox at work, they would be less likely to send work emails to personal email accounts
– Only half of email workers (54 per cent) say that their company has an email policy, 29 per cent say there is no email policy and 1 in 6 (17 per cent) don’t even know
– Where email policies exist, only 42 per cent cover email management, appropriate use of email (88 per cent) and only 30 per cent include issues relating to email retention
– 4 in 10 (40 per cent) corporate email users think that their email policy could be better communicated

Peter Bauer, CEO and co-founder of Mimecast, commented; “Email policies need to evolve to reflect the high levels of sophistication amongst email users today and the changing communications landscape within companies. Although individuals are seemingly aware of the risks of sending work documents outside the corporate email environment, this awareness is not translating into safe behaviour. A significant proportion still believes that sending work documents to personal emails is an acceptable practice. Getting employees to care about this risk is only part of the solution; employers must take responsibility for closing this disconnect through a holistic effort encompassing email systems, policy and culture. The most progressive companies will be those whose email systems and policies support the needs of both the business and its employees.”

Supplier of cloud-based email security, continuity and archiving software Mimecast commissioned Loudhouse, an independent marketing research consultancy, to conduct a survey of more than 2,400 online interviews with corporate email users in the UK (1,080 interviews), the US (805), Canada (272) and South Africa (300).

‘Generation Gmail: Is business email at risk?’
Mimecast recently hosted an online discussion looking at this research in greater depth. To hear the debate, which was chaired by Mimecast Chief Scientist, Nathaniel Borenstein and featured Director of Communities and Content, Justin Pirie, and CEO of First Base Technologies ISACA, Peter Wood please follow the link below:
http://mediazone.brighttalk.com/event/infosecurity/79cc30c735-4820-intro