Restrictive Email Policies Create Hidden Security Risks for SMEs
Mimecast today announced the second instalment of its Generation Gmail Report– an international study investigating how attitudes to work email use are evolving and the differing ways in which employers are managing this core communication channel. The report indicates that IT departments are fighting a losing battle in seeking to constrain employees’ behaviour through policy alone. Findings suggest that a new approach is needed in order to empower employees while protecting corporate intellectual property and ensuring the business complies with the relevant regulations.
The research found that information workers want to be able to use email as flexibly in the workplace as they can in their personal lives. When they are unable to work in the way that they want using corporate technology, employees are willing to work around these issues by using their personal email accounts.
The study found that 79% of people send work emails from their personal email accounts, with 1 in 5 saying they do this on a regular basis. Awareness of the security risks this poses does not seem to prevent this behaviour; 71% of people questioned recognise that there is an additional risk in sending work documents outside the corporate email environment but 47% still think it is acceptable to send work emails and documents to personal email accounts. The limitations imposed by corporate IT seem to be a major driver for this behaviour with 40% of respondents saying that an unlimited work mailbox would make them less like to use their personal email account for work purposes.
However the research suggests that moving from a ‘controlling’ to an ‘empowering’ environment will not by itself be enough; a technological solution is also needed to ensure compliant email behaviour and reduce the need to ‘work around’ the limitations of corporate email.
Key findings for the report were:
- 66% of employees state that email remains their favourite means of communication
- 40% of those asked say that if they had an unlimited mailbox at work, they would be less likely to send work emails to personal email accounts
- Only half of email workers (54%) say that their company has an email policy, 29% say there is no email policy and 1 in 6 (17%) don’t even know
- Where email policies exist, only 42% cover email management, appropriate use of email (88%) and only 30% include issues relating to email retention
- 4 in 10 (40%) corporate email users think that their email policy could be better communicated
Peter Bauer, CEO and co-founder of Mimecast, commented;
“Email policies need to evolve to reflect the high levels of sophistication amongst email users today and the changing communications landscape within companies. Although individuals are seemingly aware of the risks of sending work documents outside the corporate email environment, this awareness is not translating into safe behaviour. A significant proportion still believes that sending work documents to personal emails is an acceptable practice. Getting employees to care about this risk is only part of the solution; employers must take responsibility for closing this disconnect through a holistic effort encompassing email systems, policy and culture. The most progressive companies will be those whose email systems and policies support the needs of both the business and its employees.”
Mimecast commissioned Loudhouse, an independent marketing research consultancy, to conduct a survey of more than 2,400 online interviews with corporate email users in the UK (1,080 interviews), the US (805), Canada (272) and South Africa (300).
For further business advice on the subject see our article An email policy for your employees.