The Email Struggle: Corporate Information Assurance Issues

Corporate data loss on the rise, email still biggest threat says report

A report by data security firm Proofpoint, Inc. finds the number of large corporate organizations reporting the theft or loss of confidential company information, customer information and intellectual property continues to rise as new outlets for information sharing gain popularity. At the same time, breaches of corporate security through email continue to be the most frequent and damaging examples of information assurance failure.

Proofpoint polled 261 corporate security decision makers at companies with more than 1,000 employees and compiled the data into the report “Outbound Email and Data Loss Prevention in Today’s Enterprise, 2010.” Respondents were asked about the frequency of data loss events in the previous 12 months and given the opportunity to voice their concerns. More than a third (36%) of security executives said their company had fallen victim to the unauthorized exposure of sensitive or embarrassing information in the past year. Theft or exposure of private customer information was reported by 31% of those polled, while 29% of companies suffered theft or leakage of intellectual property during that time.

Email was the most frequently cited source for data loss by the survey participants, with 35% of executives reporting security violations via email. Half of the respondents confirm disciplining an employee for violations of company security policies using email, and 20% admit an employee was fired for such violations. 2010 was the seventh year Proofpoint has issued its data loss prevention report, and while email has been the number one source of data loss each year, the 2010 report signaled an alarming rise in security violations through social networking sites and other new-media outlets:

  • Data loss via posts on social networking sites such as Facebook and LinkedIn was reported by 20% of companies, with the same 20% reporting employee discipline related to the security breaches and seven percent of companies confirming employee terminations.
  • 53% of those polled say they are highly concerned about the risk of data loss via social networking.
  • 53% also prohibit the use of Facebook on company time or with company equipment while 31% explicitly ban the use of LinkedIn.
  • 49% of companies ban the micro-blogging and messaging site Twitter, and 17% reported a breach of data security via the service.

Traditional blog posting and message board participation by employees is another emerging area of concern for security executives. Twenty-five percent of companies reported data loss this way in the previous 12 months, and 11% confirm employee terminations due to private blog or message board activity. Video sharing sites such as YouTube and Vimeo are another culprit. Eighteen percent of companies say sensitive data was compromised via videos posted on these sites, with nine percent reporting employees were fired for their posts.

The rise in data loss may be facilitated by the growing number and popularity of information sharing outlets, but the underlying cause could be associated with current economic conditions according to participants in the Proofpoint survey. More than half of the companies polled (58%) say new budget constraints have hurt their ability to safeguard confidential, proprietary or sensitive information. Fifty-three percent report reductions in IT staff are having the same effect. At the same time, data loss or theft associated with employees leaving the company (either by layoff or voluntary/involuntary termination) was reported by 21% of surveyed companies.

Source: Proofpoint, Inc. report: “Outbound Email and Data Loss Prevention in Today’s Enterprise, 2010.”

Related: Information Assurance

Rankings and Recognition

Regis University

Regis University offers a variety of degree and certificate programs online and at our campuses in Colorado and Nevada. Click on the links below to view the other programs available.

> Online Programs