Email encryption provider, DataMotion, has released results of its second annual survey on corporate email and file transfer habits. Among the findings is a far-reaching communications disconnect between IT management and non-IT employees on security and compliance policies. Results also showed a disturbing percentage in IT management taking compliance risks. Additionally, the survey looked at such critical areas as the use of free consumer-type file transfer tools and corporate email on mobile devices. The survey polled more than 400 IT and business decision-makers, focusing on industries that deal with sensitive data and compliance regulations such as financial services, health care and government.
Click through for results from a survey on corporate email and file transfer habits from DataMotion.
IT managers face communications disconnect.
A telling sign of disconnect is the confidence respondents had in their company’s ability to pass a compliance audit: Non-IT employees are much more confident (65.2 percent are “very” confident) than those in IT management (46.6 percent). Both IT and non-IT respondents overwhelmingly said their companies have a process for updating and communicating security and compliance policies for transferring files electronically. Yet, a larger percentage of non-IT personnel (75.5 percent) versus IT management (61.9 percent) believe employees/coworkers fully understand these policies. While IT management takes a dimmer view on comprehension, on average, roughly one in three respondents felt employees/coworkers do not fully understand these policies. Also, 51.6 percent of IT management said free consumer-type file transfer services are forbidden at their companies – yet only 24 percent of non-IT workers agreed.
Email encryption and mobile devices.
Although 94.2 percent of IT management said mobile devices for corporate email are allowed, only 62 percent of non-IT personnel agreed – yet most still use these. Among organizations with email encryption capabilities, 44.4 percent still lack the ability to send and receive encrypted email from their mobile email client. Overall, only 44 percent of respondents said their company has a BYOD policy, even as 86.7 percent of these same organizations permit the use of mobile devices for email. And while 56.1 percent of IT management said they have a BYOD policy in place, 74.9 percent of non-IT employees say they either don’t or are unsure, another clear indication that policies are not being effectively communicated.
Signs of improvement
Of those surveyed, 71.7 percent said they now have email encryption capabilities, a 6.2 percent increase over 2012 survey results. Confidence in compliance has grown as well: 48.1 percent feeling “very” confident their company would pass a compliance audit, compared to 37.5 percent a year ago. Of the 80.9 percent of respondents who said their company has security and compliance policies for transferring files electronically, 59 percent described enforcement as “very aggressive,” a nearly 12 percent increase over 2012.
Still, serious risk-taking continues.
Despite improvements, 79.5 percent of respondents believe employees/coworkers routinely or occasionally violate security and compliance policies for transferring files electronically. When asked about their approach to compliance, more than one in five in IT management (22.3 percent) said about their company, “we take risks because we don’t have the resources to be totally compliant.” Nearly two in three (62.6 percent) in IT management said policy filtering, used to monitor the content of outbound email and file attachments for compliance purposes, causes problems with false positives. Nearly a quarter (24.2 percent) admit to having gone as far as to turn off their policy-based filtering.
Health care surprises, but gaps persist.
Health care, often considered slow to adopt new technology measures, is making strong gains. When asked if their company has security and compliance policies for transferring files electronically, health care was well above average, with 90.4 percent saying “yes.” When asked if employees/co-workers have the capability to encrypt email, health care was ahead with 84.8 percent saying “yes.”
Despite improvements, problems persist. Roughly one in three health care respondents felt employees/co-workers do not fully understand policies, with three in four feeling employees/co-workers “routinely” or “occasionally” violate these. While 87.7 percent said their company permits use of mobile devices for email, 40.3 percent report no BYOD policy and 11.7 percent are unsure. And, more than a quarter have used, or recommended others use, free consumer-type file transfer services, with 30.5 percent saying their company doesn’t forbid use of these services.
What to do?
According to DataMotion CTO Bob Janacek; “There’s always a demand for new tools such as email on mobile devices, companies and employees look for better ways to get the job done. The challenge is to provide encryption and filtering tools that are easy for people to use, and dependable so they don’t get disabled. IT also has to keep pace, which is why the communications disconnect with non-IT employees, and risks being taken, require immediate attention. Also, regulatory developments in many industries have expanded; companies not previously impacted, might be now. C-level executives should take notice of these findings. Hopefully, this will help businesses anticipate and overcome issues, especially in an age where security and compliance can dramatically impact the bottom line.”