Distrust of employees drives email monitoring

The rising use of mobile devices and the fear that sensitive data is escaping through outbound email has some firms adding employees to monitor messages.

Four out of 10 large British companies are so worried about what their employees are doing that they employ people to read the content of outgoing emails, a new survey has found.

Staff get little education after the initial induction course, unless they do something wrong.
David Stanley,
vice president and managing directorProofpoint Europe

This level of apparent distrust seem to be higher than in other industrialised countries, notably the US, France, Germany and Australia, which were also surveyed.

The figures come from a study carried out by Forrester Research on behalf of Proofpoint, and are based on interviews with companies employing more than 20,000 employees. The study, now in its fifth year, has previously focused exclusively on US companies, but broadened its coverage this year, and includes 32 UK-based organisations.

While the sample is quite small, it is still surprising to see that 78% of the UK companies – far higher than anywhere else – had reprimanded an employee in the last year for misuse of email, and 44% had actually fired an employee on account of it.

"It's an incredible finding when there are technologies that can get rid of that requirement. It's bit like having a locked cupboard in the room, they are afraid of what they don't really know," said David Stanley, who heads up Proofpoint in Europe. "It's also incredible they can get anyone to do the job of reading emails."

But emails are not the only source of concern. Lost mobile devices had triggered investigations at 28% of UK companies because of the potential exposure of sensitive information.

Indiscreet blogs or message board postings had been a problem for 16% of UK companies (in Germany it was 17%), and 9% of UK companies had investigated the exposure of sensitive information via video or audio media posted to a media sharing site (in France, it was 10%).

Paradoxically, the UK was also way ahead of any of the other countries in using technology to monitor content in webmail and other HTTP traffic (such as Hotmail and Gmail) – 66% against 35% in the US, and even less in the other countries.

Stanley said the results reflected a strong desire for privacy among British people. He predicted the figures would go down as companies learned to distinguish between serious misbehaviour and mistakes by staff.

"I think people are being disciplined over misdemeanours that may be viewed less seriously in a year or two because companies will start to realise what constitutes risky and non-risky data. At the moment they are not sure which is which, so there is an over-reaction," he said.

He also argued for better user training to help them avoid making mistakes. "At the moment if someone does something wrong, they are disciplined, whereas you could have software that warns people when they are about to make a mistake," he said. "At the moment deployment of technologies don't really match policies. Staff get little education after the initial induction course, unless they do something wrong."

Read more on Privacy and data protection