Businesses are putting their reputations at risk by
failing to monitor the contents of outgoing e-mails for
inappropriate or commercially confidential material, according to a
Department of Trade & Industry study.
The DTI Information Security Breaches Survey 2006 revealed that
although 90% of firms rate their reputation as one of the most
important drivers for information security, only 17% have systems
in place to check outgoing e-mails.
The failure is leaving firms open to theft of confidential
information and both deliberate and accidental abuse of e-mail
systems. This could damage a company's reputation, or put them at
risk of legal action, said Chris Potter, partner at
PricewaterhouseCoopers, which conducted the survey.
"Given how important reputation is to business, it is surprising
that five-sixths do not scan outgoing e-mail for inappropriate
content," he said.
In one case an employee e-mailed the firm's entire customer
database to a competitor. In another case, a manufacturer e-mailed
confidential information about a customer to another customer with
a similar name, the survey revealed.
The number of firms that scan incoming e-mail for viruses and
spam has increased to more than 90%, the survey of 1,000 companies
found.
But few take steps to protect confidential information sent by
e-mail, with only 25% of firms using encrypted e-mail to share
information with business partners.
Only 20% have procedures in place to gather digital evidence to
a standard that would be acceptable in a court of law, if security
breaches occurred.
Businesses are also putting themselves at risk of data
protection breaches by failing to block employee access to online
contact management systems that store personal data on external
servers.
On the positive side, over the past two years, the proportion of
firms with acceptable use policies for e-mail and web has risen
from 43% to 63%, rising to 89% for large businesses. Seventy-five
per cent of firms now insist their staff sign policies before
allowing them access to the internet.
Full results of the survey will be launched at Infosecurity
Europe in London on 25-27 April.

The internal risk

Staff misuse of the internet, whether by visiting inappropriate
websites or by excessive web surfing, is the largest security
problem for businesses after viruses, the DTI Information Security
Breaches Survey 2006 revealed.
Nearly 20% of businesses reported staff misuse of the web and
11% e-mail misuse. But for large companies web misuse rose to 52%
and e-mail misuse to 43%.
About 40% of the worst incidents involved staff accessing
inappropriate websites and 36% involved excessive web surfing.