Data Leaks Through Email

A Proofpoint study “Outbound Email and Data Loss Prevention in Today’s Enterprise, 2008” has revealed some interesting data points on the dangers of using email and other online communication channels in the workplace.

Roger Matus highlighted some of the key findings on his blog Death By Email:

• 44% of companies reported that they investigated an email leak of confidential information in the past 12 months.
• 41% of the largest companies surveyed (those with 20,000 or more employees) reported that they employ staff to read or otherwise analyze the contents of outbound email.
• 26% of companies surveyed terminated an employee for violating email policies in the last 12 months.
• 23% of U.S. companies surveyed said their business was impacted by the exposure of sensitive or embarrassing information in the last 12 months.
• 34% of the largest companies (20,000 employees or more) reported that employee email was subpoenaed in the last 12 months.

In addition to email, companies must be aware of the inherent dangers of allowing employees free access to blogs, message boards, media sharing sites, and mobile devices.

• 27% of companies surveyed had investigated the exposure of confidential, sensitive or private information from lost or stolen mobile devices in the past 12 months.
• 11% of U.S. companies surveyed disciplined employees for improper use of blogs/message boards in the past 12 months.
• 13% of surveyed companies disciplined employees for social network violations and 14% for improper use of media sharing sites in the past 12 months.
• 14% of publicly traded companies surveyed had investigated the exposure of material financial information (such as unannounced financial results) on blogs or message board postings in the last 12 months.

The bottom line: Email is a critical business application and is not going away. Additionally, new media channels like blogs, message boards, and social networking sites are proving to be useful tools for marketing, collaboration, and research. However, companies and employees must understand the inherent risks associated with these applications. Employers should lay down specific guidelines for employees and incorporate technologies to track and prevent inappropriate use of such channels.