Managers are jeopardising the security of company information by exchanging unsecured, confidential information in e-mail sent to shared inboxes.
According to a survey of 300 PAs at 250 companies by e-mail management firm Mesmo, this results in 82% of them reading confidential information in error.
The research examined who controls the e-mail inbox in the PA/manager relationship and how managers behave as e-mail users.
Although many executives manage their own e-mail - often by remote devices such as Blackberries - most hand over their inboxes to their PA when they are out of the office or in meetings.
Fifty percent of “IT savvy” managers leave the inbox entirely in the control of their PA, closely followed by 40% of “IT confident” users, and a massive 75% of “basic IT” users.
Although these PAs had been given permission to manage their bosses’ inboxes, they are receiving confidential material as open documents rather than password-protected attachments.
Only 15% of companies had a policy regarding confidentiality. Many firms thought that putting a confidentiality notice at the foot of an e-mail protects them, even though by the time most people see the notice it has already been read.
Similarly, putting “confidential” in the subject line will not keep the contents secure if the recipient has their reading preview pane open.
Although the survey showed that the majority of companies have ‘Acceptable User’ policies for the internet, only a third provide proper e-mail guidance.
David Lacey’s security blog >>
The latest ideas, best practices, and business issues associated with managing security
Stuart King’s risk management blog >>
Dealing with the operational challenges of information security and risk management
Comment on this article: firstname.lastname@example.org