Home News Corporate Email is a Root for Accidental Data Breaches: Survey

Corporate Email is a Root for Accidental Data Breaches: Survey

Business Email Compromise Attacks

According to a survey, titled Current Status of Data Privacy Compliance, from Email security provider Egress, around 44 percent of employees admit that they’ve mistakenly exposed personally identifiable information (PII) or business-sensitive information using their corporate email accounts. Over 70 percent of respondents have experienced this type of breach during the last five years, with half of these incidents occurring in the previous 12 months.

The survey also highlighted that accidental internal breaches are rising. Based on the responses from 500 IT security decision-makers in the U.S., accidental employee breaches are ranked as one of the top three security concerns (46 percent), behind external hacks (55 percent), and malware attacks (53 percent).

Egress helps enterprises with its human layer security solutions to receive, share, and manage sensitive information securely, meeting compliance requirements. The company claims that it uses contextual machine learning to ensure information is protected against the risk of data breaches. Egress said it commissioned a web-based survey to verify the current status of data privacy compliance.

Emails Pose Major Risk

Both corporate and personal emails are the main cause for accidental data leaks, according to survey results. The other risks include file-sharing services (39 percent), collaboration tools (34 percent), and SMS instant messaging (33 percent).

Despite awareness of these risks, one in four respondents (26 percent) stated that employees share sensitive data outside of the organization without encryption. Also, internal data sharing has become a risky task, with 65 percent of respondents revealing that their organization does not use encryption for internal data sharing.

The security leaders stated that around 93 percent of organizations have already taken steps to comply with regulations like GDPR (General Data Protection Regulation) and the pending CCPA (California Consumer Privacy Act).

And the results include improved use of security technologies (58.8 percent), better data handling practices (55.8 percent), investment in new security technologies (55.2 percent), staff education (39.6 percent), and hiring new security personnel (29.2 percent).

“We’re only human and people are always going to make mistakes. But as the workforce has become more reliant on digital communication, and is increasingly remote and flexible, it has also become more difficult for traditional network perimeter security technologies to protect data,” said Tony Pepper, Chief Executive Officer at Egress. “People are now the new security perimeter in most organizations, and as a result, businesses need to evolve the way they protect themselves. This research highlights the growing imperative to detect abnormal human behavior – including accidental data leaks – to stop breaches before they occur.”