Email security: Perception vs. reality
When it comes to email security in the workplace, 98 percent of employees believe they demonstrate either equally secure or more secure behaviors than their colleagues.
SilverSky’s study examines corporate email security habits and perceptions, and is based on a survey of 119 business professionals at U.S. organizations across a variety of industries.
Key findings from the study include:
- Forty-three percent of respondents indicated they were “very concerned about email security and go above and beyond the company prescribed procedures” to protect their business communications.
- Thirty percent of respondents claimed to be “much more security conscious” than their co-workers.
- The majority of respondents (56 percent) have accidently sent an email to the wrong person while at work. Additionally, more than half of employees (53 percent) have received unencrypted, risky corporate data (credit card numbers, social security numbers, etc.) via emails or email attachments.
- One in five respondents know of someone within their organization who has been caught and reprimanded for sending out sensitive information without adhering to corporate protocol.
- Many (53 percent) were quick to single out co-workers, saying they’ve received unencrypted, sensitive data – such as sensitive attachments, social security numbers, protected health information and valuable corporate secrets – via email. Yet only 17 percent admitted to sending out this risky data themselves.
- Only 32 percent of organizations currently use an email data loss prevention (DLP) solution, and even fewer (21 percent) use an email encryption solution. As such, 46 percent of respondents indicated that email security could be improved within their organizations.
This study points to a strong “superiority bias” effect, or inflated employee overconfidence, when it comes to corporate email security. However, this overconfidence could be potentially dangerous for businesses, as it could lead to poor email security habits, which ultimately lead to real legal, regulatory and reputational risks through data loss.
“How many times have you been slapped with a speeding ticket in the past year? Now think about how many times you’ve driven over the speed limit in the same time period – my guess is for most of us, that number is significantly higher,” said Andrew Jaquith, Chief Technology Officer and SVP, Cloud Strategy at SilverSky. “The new SilverSky study draws many parallels between email security habits and driving habits. The vast majority of drivers perceive themselves to be attentive, safe operators, but in reality, most speed, eat and talk or text while behind the wheel. Likewise, many employees consider their email security behaviors to be superior to those of their colleagues. However, this hubris is likely to lead to careless behavior that could have serious consequences for the organization.”