E-Mail Violations the Focus of Security Concerns

Companies have become very serious about their data retention policies and use of corporate assets, according to a new report from data loss prevention (DLP) provider Proofpoint. Thirty-one percent of those surveyed said they had fired an employee in the past 12 months for violating e-mail policies, and 51 percent said they had disciplined an employee for e-mail policy violations during the same period.

Companies are also cracking down on the use and misuse of social media.
Eight percent had fired an employee for posting sensitive or private information to a media sharing site such as YouTube and Vimeo, nine percent for doing so on a blog, and eight percent for doing so on a social media site such as Facebook or LinkedIn.

The survey, now in its sixth year, covered responses from 220 employees at companies with over 1,000 employees during the month of June, 2009. The latest version of the report is always available here for download for free, after registration.

The news comes shortly after the release of a survey that said that the majority of businesses lack written policies for social media. In Proofpoint’s survey, two-thirds of respondents had such a policy, Keith Crosley, Proofpoint director of market development and the author of the survey “Outbound Email and Data Loss Prevention in Today’s Enterprise, 2009” told InternetNews.com.

In contrast, most (84.5 percent of those surveyed) have an e-mail retention policy and 93.6 percent have a policy governing e-mail use. “But why would anyone not have an e-mail policy,” he asked. “Not having a policy could put you into a grey area if you need to discipline or terminate someone. In a litigious state like California, you couldn’t get away with not having an Acceptable Use Policy (AUP) for e-mail.”

The real costs of data policies

Crosley said that companies are more concerned about e-mail than about social media because of the cost of e-discovery . A single subpoena can cost millions.

“These are actual case studies,” he said. “One company that became a customer of ours had 5,000 employees. Their old data system was 1,000 tapes’ worth of e-mail backup and whenever they had an e-discovery event, the cost to get the consultant in and the cost of IT time added up to $2.5 million per attempt.”

Subpoenas are not uncommon. Twenty-four percent of those surveyed said that employee e-mail had been subpoenaed at least once in the past 12 months.

Many companies check outbound mail. Thirty-eight percent of those surveyed who work at companies with 20,000 or employees said they employ staff to read outbound e-mail.

News Around the Web