Quarter of UK Employees Have 'Purposefully Leaked Business Data'
New research from Egress Software Technologies has revealed that one in four (24%) UK employees have intentionally shared confidential business information outside their organization, typically to competitors or new and previous employers.
The firm quizzed 2000 workers whose jobs required them to frequently use email to shine a light on risks surrounding email misuse within the enterprise.
Half of respondents said they either had or would delete emails from their sent folder if they had sent information somewhere they shouldn’t, with more than a third (37%) admitting they do not always check emails before clicking send.
Of those who had sent an email to the wrong person by mistake, one in 10 admitted to leaking sensitive data such as bank details or customer information. Less crucially, but no less embarrassingly, 40% had also accidently insulted the recipient or included rude jokes, swear words or risqué messages.
With regards to the human factors behind sending emails in error, 68% of respondents said ‘rushing’ was the biggest problem, whilst alcohol was also deemed to play a part in 8% of wrongly sent emails. Technology didn’t fare much better either, with almost have of those polled blaming autofill tech for selecting the wrong recipient from a list.
“Email is frequently misused by the UK workforce,” said Tony Pepper, CEO and co-founder, Egress. “While offending an accidental recipient may cause red faces, leaking confidential information can amount to a data breach. As we move towards the EU General Data Protection Regulation, it has never been more important to get a grip on any possible risk points within the organization and, as this research shows, email needs serious attention.”
Speaking to Infosecurity Jenny Radcliffe, social engineer, speaker and host of The Human Factor podcast, said that, from a technical perspective, to help nullify risks surrounding email misuse companies should employ filters for large files or extended distribution lists and not allow users to include large numbers of recipients on an email without at least a ‘warning’ message or a technical/managerial ‘check’ feature.
“However, technical solutions only go so far and won't prevent a disgruntled employee causing damage or mistakes,” she added. “With 24-hour access to technology mistakes, mischief and malice will cause information to be widely distributed on occasion and the best defense for an enterprise remains good knowledge of individuals within the company. At line management level, being fully aware of what is ‘normal’ behavior from staff and addressing exceptions in an informed and practical way remains a good defensive measure in potentially detecting patterns of behavior that might eventually develop into serious risks for the organization.”
Source: Information Security Magazine