Email security software can scan messages for sensitive data and keywords

Firms urged to tackle email data leaks

Half of employees have sent emails to the wrong person

vnunet.com, 19 Nov 2007

Businesses are increasingly concerned about sensitive company information being leaked via email, according to research conducted by IT security firm Sophos.

The issue is highlighted by the fact that half of all employees have admitted to sending an embarrassing or sensitive email to the wrong person.

But as email is perhaps the most vital communications tool available, the possibility of curtailing its use is simply not an option.

The potential level of trouble for a company is high because as much as 80 per cent of a company's business records are contained in emails.

"As more and more business and personal interaction is conducted via work email, the risk of clicking send without double-checking the recipient's details is growing," said Graham Cluley, senior technology consultant at Sophos.

"The fact that as many as half of employees have experienced that heart-stopping moment when they realise that their message is hurtling towards the wrong person shows that human error is too significant to ignore."

The Sophos report recommends that companies install email security software that scans messages for sensitive data and keywords, and that uses encryption to ensure that business critical emails are sent securely.

"The vast majority of data leakages via email are accidental, so companies that put a solid security policy in place, and educate employees on responsible email use, will mitigate the risks and dramatically reduce the possibility of critical data loss," said Cluley.

Another concern, according to Sophos, is employees deliberately leaking sensitive information via email.

Cluley recommends security systems that will identify and block confidential attachments, including those that have had their file type altered by the sender, ensuring that accidental and malicious email leakage are thwarted.

Sophos has published a guide to inform organisations of the potential pitfalls and provide methods of ensuring compliance and good email security.
http://www.sophos.com/security/topic/data-leakage.html
Data Leakage Prevention