Restrictive e-mail policies: Hidden security risks for business
IT departments are fighting a losing battle in seeking to constrain employees’ behavior through policy alone, according to Mimecast.
Findings suggest that a new approach is needed in order to empower employees while protecting corporate intellectual property and ensuring the business complies with the relevant regulations.
The research found that information workers want to be able to use e-mail as flexibly in the workplace as they can in their personal lives. When they are unable to work in the way that they want using corporate technology, employees are willing to work around these issues by using their personal e-mail accounts.
The study found that 79 per cent of people send work e-mails from their personal e-mail accounts, with 1 in 5 saying they do this on a regular basis. Awareness of the security risks this poses does not seem to prevent this behavior.
71 per cent of people questioned recognize that there is an additional risk in sending work documents outside the corporate e-mail environment but 47 per cent still think it is acceptable to send work e-mails and documents to personal e-mail accounts.
The limitations imposed by corporate IT seem to be a major driver for this behavior with 40 per cent of respondents saying that an unlimited work mailbox would make them less like to use their personal e-mail account for work purposes.
However the research suggests that moving from a “controlling’ to an “empowering’ environment will not by itself be enough; a technological solution is also needed to ensure compliant e-mail behavior and reduce the need to “work around’ the limitations of corporate e-mail.
Key findings for the report were:
- 66 per cent of employees state that email remains their favourite means of communication
- 40 per cent of those asked say that if they had an unlimited mailbox at work, they would be less likely to send work emails to personal email accounts
- Only half of email workers (54 per cent) say that their company has an email policy, 29 per cent say there is no email policy and 1 in 6 (17 per cent) don’t even know
- Where email policies exist, only 42 per cent cover email management, appropriate use of email (88 per cent) and only 30 per cent include issues relating to email retention
- 4 in 10 (40 per cent) corporate email users think that their email policy could be better communicated.