News

Study: Companies Struggle To Keep Data Safe

A staggering 94 percent of companies admit that they are powerless to prevent confidential data from leaving their company by e-mail, according to a new study from Mimecast

By Tom Jowitt, Techworld.com

August 05, 2008 — CSO —

A staggering 94 percent of companies admit that they are powerless to prevent confidential data from leaving their company by e-mail, according to a new study from Mimecast.

The survey was carried out by Emedia on behalf of the e-mail management provider, and interviewed 125 IT managers in the United Kingdom.

It found that only 6 percent of respondents were confident that anyone attempting to send confidential information by e-mail out of the organization, would be prevented from doing so.

The study also showed that 32 percent of companies would not even be aware that confidential information had been leaked, and therefore would be unable to take steps to minimize the damage or track down the source of the information.

However 62 percent said they would be able to retrospectively identify the e-mail leak once the information had been sent, but they did confess to being unable to prevent its disclosure.

"The figures show that organizations haven't nailed down the e-mail channel," said Tim Pickard, marketing director at Mimecast. "e-mail protection is catching on as a technology that manages information, as the industry moves away from protect-and-defense, to becoming more aware how information flows around the organization."

And it seems the analyst community agrees. "These figures do not surprise me - on the whole employees are not sending stuff out maliciously, but through carelessness or lack of forethought," said Bob Tarzey, security analyst at Quocirca.

"Education can help to some extent, but many employees are using communications tools all day, every day and mistakes will happen, so having checks in place makes sense. Affordability of available technology to tackle the problem is also a problem, as most businesses are unable to invest in the high end, on-premise Data Leak Prevention (DLP) products that large business can."

The survey also revealed that a quarter of companies couldn't retrieve an e-mail that had been sent 3 years ago. A further 29 percent said it would take days, or even weeks - to retrieve the information.

"Most leaks occur via e-mail," confirmed James Blake, Mimecast's chief product strategist. "Two thirds of data leaks occur via e-mail." He highlighted an Infowatch survey, which said that 95 percent of leaks are accidental. "I would go along with that figure," he said. "From what I have seen most leaks are accidental."

Yet e-mail leaks are nothing new. Back in May this year, the Conservative party accidentally e-mailed the voting intentions of 8,000 voters in the Crewe and Nantwhich by election, to a journalist at a local radio station. It was thought that the automated completion of an e-mail address was to blame for the mistake.