skip to Main Content

At The Identity Organisation, we're here to help!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Employees’ email still drives most of the data loss at organizations

    Cyber thieves are increasingly finding new channels to steal data from unaware employees. However, email is still by far the most popular medium by which enterprises have lost data, according to new research released last week by email security provider Tessian and the Ponemon Institute.

    Three out of five of the 614 U.S.-based corporate IT security experts who were surveyed in March 2022 said that their own organizations had “experienced data loss or exfiltration caused by an employee mistake on email” in the previous 12 months.

    “Despite acknowledging the risk … many organizations do not have training awareness programs with a focus on the sensitivity and confidentiality of data transmitted in employees’ email,” said Larry Ponemon, chairman and founder of Ponemon Institute.

    He added that just 61% of IT professionals at enterprises surveyed already had training and awareness programs in place for those with access to sensitive information. However, just over half (54%) of these organizations with these programs admitted that they had “addressed the sensitivity and confidentiality of data in employees’ email,” Ponemon said.

    Despite email interactions having been the digital channel with the most longevity and familiarity for most employees — including, arguably, those in the financial industry — roughly two-thirds (65%) of IT security professionals from various sectors said that email has remained the riskiest channel for data loss in organizations. Email was seen as potentially less secure even than cloud file-sharing services, found to be risky by 62% of respondents, or instant messaging platforms (57%).

    Josh Yavor, chief information security officer at Tessian, said that perhaps one of the most surprising findings from their research was that only two out of five of these email-based data loss incidents were caused by employee negligence from not following policies. Just 28% are caused by mistakes made by employees, he added, while roughly the same number (27%) were caused by insider threats.

    “What stands out is that 68% of data loss incidents were notdue to active malice by employees,” Yavor said, which affirmed that “a significant number of data loss incidents could be prevented with smarter and tailored training that helps employees avoid these mistakes by coaching them through critical decisions in a moment when they might not remember all of the details captured in company policies.”

    For example, as people continue to leave their jobs — often referred to as “The Great Resignation” — they may intentionally “send data or documents to their personal account and not even fully understand how it can impact the company’s security,” Yavor added.

    Hence, while employees who work in highly regulated enterprises such as financial institutions might be doing better than most, even they “do not necessarily understand the sensitivity of data shared over email,” Yavor said. He pointed out that nearly three-fourths (73%) of their IT security survey respondents said this was a concern.

    Since regulatory non-compliance is arguably the No. 1 consequence of a data loss incident banks, credit unions and investment firms, “this can have significant financial coincidences for this industry,” Ponemon said. “Regulated data is the most difficult to protect.”

    Ponemon suggested financial institutions should be more proactive in addressing and reducing email data loss prevention.

    “They should assess where in the organization data is most at risk, and leverage machine learning and behavioral capabilities” to alert the IT security department to potential email risk.


    Request A Quote: Security Awareness Training

    products-KB4SAT6-2-1

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your quote for KnowBe4’s security awareness training and simulated phishing platform and find out how affordable this is!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    close

    Sign Up to the TIO Intel Alerts!

    Back To Top