Managers’ lax e-mail use is ‘putting security at risk’

Managers are jeopardising the security of company information by exchanging unsecured, confidential information in e-mail sent to shared inboxes.

Managers are jeopardising the security of company information by exchanging unsecured, confidential information in e-mail sent to shared inboxes.

According to a survey of 300 PAs at 250 companies by e-mail management firm Mesmo, this results in 82% of them reading confidential information in error.

The research examined who controls the e-mail inbox in the PA/manager relationship and how managers behave as e-mail users.

Although many executives manage their own e-mail - often by remote devices such as Blackberries - most hand over their inboxes to their PA when they are out of the office or in meetings.

Fifty percent of “IT savvy” managers leave the inbox entirely in the control of their PA, closely followed by 40% of “IT confident” users, and a massive 75% of “basic IT” users.

Although these PAs had been given permission to manage their bosses’ inboxes, they are receiving confidential material as open documents rather than password-protected attachments.

Only 15% of companies had a policy regarding confidentiality. Many firms thought that putting a confidentiality notice at the foot of an e-mail protects them, even though by the time most people see the notice it has already been read.

Similarly, putting “confidential” in the subject line will not keep the contents secure if the recipient has their reading preview pane open.

Although the survey showed that the majority of companies have ‘Acceptable User’ policies for the internet, only a third provide proper e-mail guidance.

Sloppy e-mail management puts UK firms at risk >>

Make e-mail work for you >>

Not looking at the whole security picture >>

David Lacey’s security blog >>
The latest ideas, best practices, and business issues associated with managing security

Stuart King’s risk management blog >>
Dealing with the operational challenges of information security and risk management

Comment on this article:

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.