Survey Series, Part 1: Why organizations view email as a main source of data leaks


Thought Leadership

Survey Series, Part 1: Why organizations view email as a main source of data leaks

Geoff Bibby

The 2011 “State of Email Encryption” study offered some startling results, beginning with the revelation that 59 percent of respondents strongly agree or agree that the use of email by employees is one of the main sources of data leakage in their organizations. Surprised by that number? We’re not. While IT, IT security and compliance practitioners may understand the risks of sending sensitive data in email, most employees perceive email as safe and easy. Easy it is; safe it isn’t.

We confirmed this perception by analyzing user behavior. Respondents believe employee behavior continues to place organizations at risk, and this is how:

•Nearly 70 percent believe employees ignore policies about emailing unencrypted sensitive or confidential documents through insecure channels
•More than 60 percent believe employees mistakenly send unencrypted confidential information to other recipient(s) outside the workplace
•More than 60 percent believe employees send unencrypted confidential information through insecure email channels, such as personal Web-based email

More often than not, employees don’t have malicious intent when they circumvent policies. They’re simply trying to do their jobs efficiently, and email is the go-to business tool that enables them to do just that.

So how do organizations secure email and reduce risks associated with employee behavioral risks? The answer: easy-to-use email encryption.

Policy-based email encryption and transparency eliminate extra steps and frustration, which enables email data protection. Policy-based email encryption automatically scans all outbound email leaving, and if any sensitive data is detected in the email, subject line or attachments, it is automatically encrypted. Transparency occurs when neither the sender nor receiver has to perform any extra steps. Not even a password is needed. Encrypted email is sent and received like a regular email. (By the way, only ZixCorp offers fully transparent, policy-based email encryption through ZixGateway.)

By leveraging these email encryption enhancements, the steps that require extra time and frustration are eliminated. As a result, employees can communicate easily and securely, and organizations can reduce email risks and confidently reverse their view of email as one of the main causes of data loss.

Up next week, part 2 of our Survey Blog Series: Mobile email concerns and how technology can help or hinder mobile business operations.