The idea that overconfidence drives risky behavior isn’t new or surprising. Think about automobile drivers. I bet if you ask your friends whether or not they are safe drivers, the vast majority will say “Yes, of course,” but when you are a passenger in their car, you notice that they will grab their cellphone to make a quick call, forget to use turn signals or blow through the light right after it turns red.
The same goes for our behaviors on the Internet, in particular our email habits. Many of us in the business world have been using email for a couple of decades now; young employees grew up with an email account of their own. Using email is something we take for granted--we’ve used it for so long, of course we know what we’re doing.
However, a new study by SilverSky, "Overconfident Employees and the Lack of Email Security Tools Lead to Risky Business," found that while that 98 percent of U.S. employees think they’re “better” when it comes to email security than their careless co-workers, the reality is 56 percent admit to sending an email to the wrong person by mistake; one in every five employees know someone who has been reprimanded for not following email protocol at work; and 53 percent have received unencrypted, risky corporate data via email or email attachments.
Companies don’t do enough to improve email security on their end. Only 32 percent of organizations currently use an email data loss prevention (DLP) solution, and even fewer (21 percent) use an email encryption solution. As such, 46 percent of respondents indicated that email security could be improved within their organizations.
The risks of being careless are significant. To employees, email is an essential tool. A study conducted last year by the McKinsey Global Institute found that workers spend 2.6 hours per day reading and answering emails. Other surveys found that the average employee approximately receives 100 emails a day. A different SilverSky study, "Five Strategies for Email Data Loss Prevention," stated:
One in every 20 of those emails contains ‘risky’ data--from sensitive attachments to social security numbers to protected health information to valuable corporate secrets that set your organization apart. All of this risky data can become toxic to your company if it’s hacked or suffers a breach--causing reputational damage, customer loss, heavy fines and decreased competitive edge. For a 1,000-employee company, that means at least 1.5 million risky emails per year must be reviewed, blocked, encrypted or archived.
So the next time you go to send an email, take a moment to ensure that it is secure, rather than just assuming it is because you feel confident in your email security knowledge.