HIPAA Regulatory Alert

Study says e-mail is source of data leaks

Unencrypted mobile devices contribute

E-mail practices and mobile e-mail cause the most concern for data protection and regulatory compliance, according to the 830 individuals whose responses were included in a study conducted by the Ponemon Institute and Zix Corp., an e-mail encryption service.

When examining everyday e-mail practices, the study found:

• The majority of respondents strongly agree or agree that the use of e-mail by employees is one of the main sources of data leakage in their organizations.

• 70% of respondents are concerned about the loss of information via e-mail on mobile devices.

• Based on survey results, respondents believe employee behavior continues to place organizations at risk.

• Nearly 70% believe employees ignore policies about e-mailing unencrypted sensitive or confidential documents through insecure channels.

• More than 60% believe employees mistakenly send unencrypted confidential information to other recipient(s) outside the workplace.

• More than 60% believe employees send unencrypted confidential information through insecure e-mail channels, such as personal web-based e-mail.

As more business is conducted outside the office, mobile security has gained considerable attention as a potential threat to data protection and compliance. The study revealed 70% of respondents are concerned with data loss via mobile e-mail. As a result of this concern and the complexity of e-mail encryption on mobile devices, less than one-third of respondents have ever opened an encrypted e-mail on a mobile device.

To see a copy of the full report go to survey.zixcorp.com/downloads/ZixCorpPonemonE-mailEncryptionSurveyReport.pdf.