SilverSky questioned 119 business users on their habits and attitudes towards email. It found that most users recognize a potential security threat in the use of email – only five percent responded that they are not really concerned and don't follow company procedures.
Most users believe that they are more security conscious than their fellows (53%), and a further 45% consider themselves at least as conscientious as their coworkers – less than 2% suspect that they are less so.
These figures become more interesting in relation to the email faux pas experienced. Fifty-six percent of users admit to having sent an email to the wrong person, and 53% have received unencrypted sensitive information (such as credit card numbers, social security numbers, sensitive internal documents and financial information) in the body of an email.
Clearly, sending an email to the wrong person is not considered a major fault (users don't consider it makes them less secure than their fellows), even though it can lead to the loss of sensitive information and/or cause embarrassment on both a personal and corporate level.
And where failure to use encryption is concerned, more people are the recipient of errors than the cause of errors. This could either mean that there are a relatively small number of repeat offenders – or more likely that users can recognize the theory of good security practice, but don't recognize their own failures in it.
The overwhelming impression from the survey is that users are aware there is an email security issue, but that it doesn't apply to them personally. This in turn can lead to over-confidence in their own procedures, and that could lead to problems.
The security problem lies with coworkers. But users' awareness of this problem in their coworkers means that they accept that more could be done by IT to protect the company. "Specifically", says SilverSky, "68 percent of respondents said that IT should focus more on preventing employees from inadvertently emailing out sensitive information." Ninety-three percent of employees said they would feel more secure about email if their company used data leak prevention technology, while 97% said that encryption would make them feel more secure.