Managers are
jeopardising the security of company
information by exchanging unsecured, confidential information in
e-mail sent to shared inboxes.
According to a survey of 300 PAs at 250
companies by e-mail management firm Mesmo, this results in
82% of them reading confidential information in error.
The research examined who controls the e-mail inbox in the
PA/manager relationship and how managers behave as e-mail
users.
Although many executives manage their own e-mail - often by
remote devices such as Blackberries - most hand over their inboxes
to their PA when they are out of the office or in meetings.
Fifty percent of “IT savvy” managers leave the inbox entirely in
the control of their PA, closely followed by 40% of “IT confident”
users, and a massive 75% of “basic IT” users.
Although these PAs had been given permission to manage their
bosses’ inboxes, they are receiving confidential material as open
documents rather than password-protected attachments.
Only 15% of companies had a policy regarding confidentiality.
Many firms thought that putting a confidentiality notice at the
foot of an e-mail protects them, even though by the time most
people see the notice it has already been read.
Similarly, putting “confidential” in the subject line will not
keep the contents secure if the recipient has their reading preview
pane open.
Although the survey showed that the majority of companies have
‘Acceptable User’ policies for the internet, only a third provide
proper e-mail guidance.
Sloppy e-mail management puts UK firms at risk
>>
Make e-mail work for you >>
Not looking at the whole security picture
>>
David Lacey’s security blog >>
The latest ideas, best practices, and business issues associated
with managing security
Stuart King’s risk management blog
>>
Dealing with the operational challenges of information security and
risk management
Comment on this article:
computer.weekly@rbi.co.uk