Gimmal Blog

Read the latest thought leadership and industry news from the experts at Gimmal!

All Posts

Executives are the Biggest Offenders When it Comes to Email Compliance

Email compliance is an issue every organization deals with, to varying degrees of success. Unfortunately, employees (including upper management) are not helping the cause.

Executives the biggest offenders

According to a recent survey, conducted by Opinion Matters and commissioned by Iron Mountain, 49 percent of managing directors and C-level executives have used a personal email address to send sensitive business information.

In addition, out of those surveyed:

  • 57 percent have left sensitive information on a shared printer
  • 40 percent have sent information over an unsecured wireless network
  • 43 percent have disposed of documents in a potentially insecure trash bin
  • 39 percent have lost business information in a public place

Lower-level employees (administrative staff), however, seem to be more aware of security compliance:

  • 29 percent said they left confidential information on a printer
  • 15 percent have lost business information in a public place

Why aren't they following policy?

When it comes to email compliance, or information governance in general, clear and simple guidelines and processes are critical. Employees of all levels must be constantly educated on the current policies, penalties for not following them, and the potential disasters that could occur from non-compliance.

This philosophy is reflected when the executives were asked about what was in place at their organization and why they did not follow these procedures:

  • 21 percent of C-level executives said the processes are too complex and so they evade them
  • 14 percent said they don't follow company policies because they are too complicated
  • 6 percent responded they were unaware of their company's policies altogether

What are the consequences?

"Our research shows that business leaders in the mid-market are more likely to put sensitive information at risk than any other employee," Iron Mountain UK commercial director Elizabeth Bramwell said in a statement. "They tend to bypass the very protocols designed to keep information secure. Given the potential consequences, this is concerning. The financial penalties for companies who fail to meet data handling and security obligations are getting more severe."

"But getting it right is not just about avoiding fines; the reputational damage associated with a data breach can erode customer loyalty and impact the bottom line," Bramwell added. "With the stakes so high, companies need to put the policies and processes in place to support good information governance. On its own, this may not be enough; companies must promote behaviors that protect sensitive company information."

What can be done?

Whether it's email compliance, proper disposition of records or where and how documents should be saved, simplicity and automation remain the best pathways to success. The more of the information governance that can be taken out of the hands of the everyday business user, the higher the chances of success. 

Posted by Shawn Cosby

Related Posts

Why Should Records Management be Important to You

Why should an organization care about records management? When users throughout all departments are creating new records without a thought to how they are cataloged or tagged, the sprawl of records can become a real threat. Unstructured data can lead to compliance issues for highly regulated industries. When proper records management isn’t a top priority, content that should have been disposed of for security purposes is left vulnerable for anyone to find and distribute.  

Creating Compliance in Chaos: A Consultant's Story

Records and Information Management (RIM) is constantly changing and evolving as record managers begin to realize the benefits of automation in their daily operations. In my 6 years of consulting, I have seen everything from heavily manual business processes to automated document management solutions.  Even as time goes by, information professionals continue to face the long-standing hardship of trying to get end users to comply with either internal or external regulations when it comes to records management.  Lately, there has been an apparent shift from ridged business centric solutions to end user centric solutions. 

Gimmal at ARMA International InfoCon 2019

Once a year, members in the records management community come together for ARMA’s annual conference to discuss the latest advancements and best practices for modern information managers.  ARMA, the global authority of information management and governance, hosted this year’s conference, ARMA InfoCon, in Nashville, TN. While attendees were not in the typical “record” industry that Nashville is known for, the location called for a great mix of music and information management knowledge.