Confidential data at risk from poor awareness

Companies need easier-to-use encryption capabilities in email clients

A new study into business practices for handling sensitive email content securely from secure messaging solutions provider CertifiedMail has found that sensitive data is being put at risk because of old-fashioned perceptions and lack of understanding.

The survey, ‘The Joint Research Report: Encryption Solution Implementation Landscape’ examined 205 enterprises across a range of vertical industries and found that over a quarter (27%) of firms had experienced an accidental or malicious data leak during the previous 12 months.

Yet nearly half (47%) of IT users did not have the ability to send encrypted email directly from their desktop and only 45% could send encrypted email manually through their email client. In addition, only 13% were able to send encrypted emails automatically through some sort of policy-based encryption capability.

Even among those that could send a manually encrypted email, 22% found doing so somewhat difficult or difficult, while another 44% considered sending encrypted email manually to be “not too difficult”.

CertifiedMail attributes the view that encrypted email is generally difficult to use from the legacy of difficult-to-use, difficult-to-manage and expensive infrastructures that were not scalable and caused other problems.  It argues that even though today’s encrypted email systems are substantially easier to use than early-generation systems, the legacy continues to hold true for many decision makers.

“The results of this survey clearly indicate what organisations should do to protect their confidential data and their organisations from financial and other harm,” said Michael Osterman, President, Osterman Research who carried out the survey. “Companies need to deploy an easy-to-use encryption capability that will allow users to encrypt private content, even content that is only mildly sensitive. This will ensure that organisations are protected from the potential loss of sensitive information that could come back to harm them.”

In a further pointer for the industry as to what it needs to do to improve the amount of encrypted emails sent, survey respondents indicated that if encrypting an email were a one-click function from the email client, infrequent users would likely use encryption frequently for all types of communications, even those that contained only moderately sensitive content. Additionally, nearly half of users would like to have automatic encryption capabilities.

Read more on IT risk management