In its study of outbound email and data loss prevention issues, Proofpoint found that US companies are increasingly concerned about a growing number of data leaks caused by employee misuse of email, blogs, social networks, multimedia channels and even text messages.
According to the June 2009 study of 220 email decision makers at US companies with more than 1000 employees, organizations continue to embrace preventative measures – some more drastic than others.
For example, as more US companies reported their business was impacted by the exposure of sensitive or embarrassing information (34%, up from 23% in 2008), an increasing number say they employ staff to read or otherwise analyze the contents of outbound email (38%, up from 29 percent in 2008). The pain of data leakage has become so acute in 2009 that more US companies report they employ staff whose primary or exclusive job is to monitor the content of outbound email (33%, up from 15% in 2008).
In addition, companies are regularly ordered to produce employee email as part of legal actions, exposing its contents to outside scrutiny. Nearly a quarter (24%) of large US companies report that employee email was subpoenaed in the past 12 months.
When US companies investigated the exposure of confidential, sensitive or private information via email, blogs, multimedia channels, and/or social networks, the end result for the offending employee was generally very bad news.
Email still the #1 threat: 43% of US companies surveyed had investigated an email-based leak of confidential or proprietary information in the past 12 months. Nearly a third of them, 31%, terminated an employee for violating email policies in the same period (up from 26% in 2008).
Blogs breaches continue: 18% had investigated a data loss event via a blog or message board in the past 12 months. 17% disciplined an employee for violating blog or message board policies, while nearly nine percent reported terminating an employee for such a violation (both increases from 2008, 11% and six percent, respectively).
Video exposure: Given the rapid adoption of video and audio media within the enterprise – and the popularity of media sharing sites like YouTube – it’s no surprise that more US companies reported investigating exposure events across these channels (18 percent, up from 12 percent in 2008). As a result, 15% have disciplined an employee for violating multimedia sharing / posting policies in the past 12 months, while eight percent reported terminating an employee for such a violation.
Friends or foes?: Concerning social networks, US companies are also experiencing more exposure incidents involving sites like Facebook and LinkedIn as compared to 2008 (17% versus 12%). US companies are taking a much more forceful approach with offending employees – eight percent reported terminating an employee for such a violation as compared to only four percent in 2008.
Data loss in 140 characters or less: Even short message services like SMS texts and Twitter pose a risk. 13% of US companies investigated an exposure event involving mobile or Web-based short message services in the past 12 months.