There’s an interesting story in the Washington Post, “Companies Struggle to Keep Data Safe.” The lead paragraph in the story notes: “A staggering 94 percent of companies admit that they are powerless to prevent confidential data from leaving their company by e-mail, according to a new study from Mimecast.”
But it’s not just corporations that are having trouble with data security, especially data leaks through email:
“Most leaks occur via e-mail,” confirmed James Blake, Mimecast’s chief product strategist. “Two thirds of data leaks occur via e-mail.” He highlighted an Infowatch survey, which said that 95 percent of leaks are accidental. “I would go along with that figure,” he said. “From what I have seen most leaks are accidental.”
Yet e-mail leaks are nothing new. Back in May this year, the Conservative party accidentally e-mailed the voting intentions of 8,000 voters in the Crewe and Nantwhich by election, to a journalist at a local radio station. It was thought that the automated completion of an e-mail address was to blame for the mistake.
Government agencies — including election officials — might want to take a look at this article and some of the information it reports regarding data security issues.
The survey was conducted by Mimecast. Here’s the interesting content from the press release:
LONDON 29 July, 2008 – An independent survey commissioned by email management company Mimecast has revealed that an alarming 94% of companies are powerless to stop confidential information from leaving their organisation by email. The survey revealed that just 6% of all respondents were confident that anyone attempting to send confidential company information by email out of the organisation would be prevented from doing so.
The independent survey, conducted amongst a sample of 125 IT managers, revealed that 32% of companies would not even be aware that confidential information had been leaked so would be unable to take steps to minimise the damage or track down the source of the information. However, 62% would be able to retrospectively identify the email leak once the information had been sent, but confessed to being unable to prevent its disclosure.
According to Dr James Blake, security expert at Mimecast, “The picture revealed by this survey points to fundamental security issues with protecting not only a company’s own data but also customer data like patient records or credit card numbers.” He adds, “With the blurring of boundaries between company employees and external consultants, contractors, outsourcers and other third parties, it is now much more difficult to ensure the appropriate flow of information outside the organisation. Especially since the majority of employees are now knowledge workers with access to significant amounts of confidential data.”
According to Bob Tarzey, security analyst at Quo Circa, “These figures do not surprise me – on the whole employees are not sending stuff out maliciously, but through carelessness or lack of fore-thought. Education can help to some extent, but many employees are using communications tools all day, every day and mistakes will happen, so having checks in place makes sense. Affordability of available technology to tackle the problem is also a problem, as most businesses are unable to invest in the high end, on-premise Data Leak Prevention (DLP) products that large business can, so the availability of on-demand services like those offered by Mimecast to achieve the same end is welcome providing performance is not adversely affected.”