Bosses accused of flouting email security

A new reports suggests that there is 'no so such thing as a confidential email'

Company managers are jeopardising security by sending and exchanging unsecured confidential information in email via shared inboxes.

A survey released by Mesmo, a European consultant in email management, suggests that 82 per cent of personal assistants end up reading confidential information in error.

The research examined email behaviour among 300 senior PAs at 250 companies.

Mesmo said that the survey underlines the fact that there is no so such thing as a confidential email, and that bosses are putting their PAs at risk by exposing them to sensitive data.

Although many executives manage their own email, most hand over their inboxes to their PA when they are out of the office or in meetings.

Half of 'IT savvy' managers leave the inbox entirely in the control of their PA, closely followed by 40 per cent of 'IT confident' users and a huge 75 per cent of 'basic IT' users.

Monica Seeley, managing partner and founder of Mesmo, said: "With proper guidelines and training, shared inboxes need not be a problem. But human error is creating real security breaches."

Seeley explained that, although PAs have been given permission to manage their employer's inbox, they are receiving confidential material as open documents rather than password protected attachments.

Mesmo also found that only 15 per cent of companies have a policy regarding email confidentiality.

"Too many companies think that putting a confidentiality notice at the foot of an email protects them, but by the time most people see the notice it has already been read," said Seeley.

"Similarly, putting 'confidential' in the subject line will not keep the contents secure if the recipient has their reading preview pane open."

The survey found that almost all senior executives jeopardise email security from time to time, but that 'IT confident' users are the worst offenders.

These are users who send or exchange confidential material in emails without password protecting or encrypting the communications.

These executives also download often highly confidential and commercially sensitive information onto memory sticks or iPods which are all too easily lost or copied.

Even in companies with a confidentiality policy, nine per cent of managers are still downloading material and even 13 per cent of PAs admitted to downloading onto memory sticks to give confidential material to their bosses or for them to work from home.