Employees are constantly leaking business data, says report

When it comes to email, staff just don't follow the rules

One-quarter of workers in the UK have 'maliciously' spilled corporate information over email, typically exfiltrating confidential business data to either competitors or new employers.

That's according to a study published today by data privacy and risk management company Egress Software.

The research, which explores how email is frequently misused, involved 2,000 UK employees. It found that 50 per cent say that they have received a corporate email by mistake.

Half also said they would cover their tracks by deleting emails from their sent folder if they had shared confidential information - little realising, perhaps, that the emails would nevertheless be archived on the server.

Meanwhile, 46 per cent said that they have received an email recall request, and more than one-third of the participants (37 per cent) said they're unlikely to check emails before sending them.

Human error is also a major factor. When it comes to sending dodgy emails, 68 per cent of employees said rushing is the biggest issue. Alcohol is another culprit, playing a part in eight per cent of all wrongly sent emails.

Autofill technology isn't helpful, either. Almost half of the participants (42 per cent) said this has resulted in them selecting the wrong recipient on the list.

Out of the people who had sent an email to the wrong person, 40 per cent said they had accidentally insulted the recipient or used rude jokes. They also used swear words or risque messages.

There were also instances when employees (nine per cent) put their own customers and organisations at risk by leaking sensitive attachment, such as bank details.

Tony Pepper, CEO and co-founder of Egress, said: "Email is frequently misused by the UK workforce. While offending an accidental recipient may cause red faces, leaking confidential information can amount to a data breach.

"As we move towards the EU General Data Protection Regulation, it has never been more important to get a grip on any possible risk points within the organisation and, as this research shows, email needs serious attention."

Egress said companies need to invest in solutions to tackle accidental email problem, and has launched its own variant. "Data breaches are becoming much more prevalent and organisations are struggling to mitigate the risks caused by unpredictable user behaviour," added Pepper.

Increasingly, companies like Egress are offering various different forms of data-loss prevention software that, they claim, can stop valuable corporate intellectual property from being casually spilled.

Egress, for example, offers what it calls Switch Threat Protection, which can alert users and central administrators when they are sending an email to potentially the wrong person.

"For our customers, the fact we can provide technology solutions that proactively support users to mitigate the risk of data loss, fines and associated reputational damage is proving invaluable, particularly as we enter a new phase of unprecedented data protection regulation."