Accidental data leaks via outgoing emails pose a higher security risk to businesses than inbound malicious attacks. This is the surprising findings of a survey conducted by EACS in conjunction with Mimecast, and is now available to download in its White Paper, Email Security Trends 2015/16.
In the survey, which was conducted among a mix of large businesses and SMEs, 28% of respondents cited human error, such as sending confidential data, as being the biggest threat to corporate email security. External threats such as spear phishing and gateway attacks were considered a much lower threat, along with the risk of respondent’s partners or extended supply chains exposing corporate email vulnerabilities.
While human activity is the greatest concern, one in five of businesses surveyed were also worried about the increased use of portable devices such as smart phones and tablets on the corporate network, particularly given the increase in bring-your-own-device (BYOD) usage. Other key concerns included the use of external hardware such as USB sticks, with 17% of respondents acknowledging this as an issue and 16% concerned about spear phishing.
People are the biggest risk factor when it comes to corporate email security and all employees have a valuable role to play in keeping an organisation’s IT system safe. Clear and effective policies and processes need to be in place to minimise this risk and it is crucial that employees understand how their actions can affect the business.
If company guidelines are too complex, many employees will simply find their own solution, potentially opening up the organisation to attack.
Not surprisingly, upgrading or improving email security protection was the key priority for respondents when thinking about updating their email solutions. This was followed by the desire to reduce or control their IT costs. Other priorities included being able to provide better support for mobility and BYOD schemes as well as the ability to quickly identify and minimise the number of external attacks faster.
Email systems are the lifeblood of many businesses. Having effective email security in place is a critical defense barrier against hackers seeking to capture and exploit valuable corporate information and disrupt business operations. It is impossible to prevent attacks on our networks from being attempted but there are a number of systems that we can put in place which integrate seamlessly with existing packages and minimise the impact of such activity.
EACS designs and implements solutions to deal with email management challenges for companies of all shapes and sizes whether they have local email servers, cloud- based services or hybrid systems for their email.
Survey and report methodology
The underlying data is based on the results of an online survey sent to selected EACS contacts including CIOs, IT directors and IT managers. The online survey was conducted during June-July 2015 and resulted in 65 completed surveys.