In the annual study of DLP (Data Loss Prevention) and outbound email, Proofpoint actually got companies to admit that not only do they read your email at work; they hire people to do it. The study found that large enterprises continue to see information leaks over outbound email, as well as newer communications media such as blogs, message boards, media sharing sites, and mobile devices. It also shows that companies are taking action, terminating employees for placing data at risk in the first place.
Companies crack the whip on email policy violations. (IMG:J.Anderson0
So who reads your email at the office? Apparently more people than you think. Forty-four percent of the companies responding to the study said that they investigated an email leak of confidential information in the past year. Forty-one percent reported that they employ staff to read or otherwise analyze the contents of outbound email. In addition, twenty-two percent said they employ staff primarily or exclusively for this purpose.
There are several cases where someone has been terminated over the contents of email. Most are fired under a clause in the company’s Internet Usage Policy. The debate is a huge one, with people expecting privacy when they send email, often personal, from a work account or access personal accounts at the office. Simply put, you have no privacy at the office, and if you get any at all, you should expect very little. Some companies will offer some “personal time” and allow internet usage, but mostly everything you send is logged and monitored, and yes even read by someone else.
In the last year, of the companies who responded to Proofpoint, forty percent investigated an email-based violation of privacy or data protection regulations. Twenty-six percent terminated an employee for violating email policy, thirty-four percent reported that employee email was subpoenaed, and twenty-three percent said their business was impacted by the exposure of sensitive or embarrassing information. The last two stats give a clear reason why email would be screened, or outright read by your employer.
Other data in the study shows that data loss related to email is not the only security worry businesses face. Respondents indicated significant risk resulting from employee use of blogs, message boards and media sharing sites (such as YouTube), as well as mobile devices. Twenty-seven percent had investigated the exposure of confidential, sensitive, or private information from lost or stolen mobile devices in the last year. Eleven percent reported disciplining employees for improper use of blogs/message boards, thirteen percent disciplined employees for social network violations, and fourteen percent for improper use of media sharing sites.
DLP is hot issue; Proofpoint is a DLP vendor, so the results of the study fit right into their business model. However, it serves a point, without the sales position, to demonstrate the need for security models that focus on the information and not the user. Focus on what needs to be protected information wise, and protect that and enforce the protections with policy for the end users. Clearly, with the listed investigations and terminations, companies are doing this. Nevertheless, there is still a long way to go.
Comment on this Story