Every organization deals with email compliance, with varying degrees of success. Unfortunately, employees (including upper management) are not helping the cause.
Executives the biggest offenders
According to a recent survey, conducted by Opinion Matters and commissioned by Iron Mountain, 49 percent of managing directors and C-level executives have used a personal email address to send sensitive business information.
In addition, out of those surveyed:
- 57 percent have left sensitive information on a shared printer
- 40 percent have sent information over an unsecured wireless network
- 43 percent have disposed of documents in a potentially insecure trash bin
- 39 percent have lost business information in a public place
Lower-level employees (administrative staff), however, seem to be more aware of security compliance:
- 29 percent said they left confidential information on a printer
- 15 percent have lost business information in a public place
Why aren't they following policy?
When it comes to email compliance, or information governance in general, clear and simple guidelines and processes are critical. Employees of all levels must be constantly educated on the current policies, penalties for not following them, and the potential disasters that could occur from non-compliance.
This philosophy is reflected in the answers executives gave when asked what was in place at their organization and why they did not follow these procedures:
- 21 percent of C-level executives said the processes are too complex and so they evade them
- 14 percent said they don't follow company policies because they are too complicated
- 6 percent responded they were unaware of their company's policies altogether
What are the consequences?
"Our research shows that business leaders in the mid-market are more likely to put sensitive information at risk than any other employee," Iron Mountain UK commercial director Elizabeth Bramwell said in a statement. "They tend to bypass the very protocols designed to keep information secure. Given the potential consequences, this is concerning. The financial penalties for companies who fail to meet data handling and security obligations are getting more severe."
"But getting it right is not just about avoiding fines; the reputational damage associated with a data breach can erode customer loyalty and impact the bottom line," Bramwell added. "With the stakes so high, companies need to put the policies and processes in place to support good information governance. On its own, this may not be enough; companies must promote behaviors that protect sensitive company information."
What can be done?
Whether it's email compliance, proper disposition of records, or where and how documents should be saved, simplicity and automation remain the best pathways to success. The more information governance can be taken out of the hands of the everyday business user, the higher the chances of success.