Workers Routinely Dodge Security Policies

 
 
By Karen A. Frenkel  |  Posted 03-17-2015

  • Lack of Email Encryption

    30% of respondents cannot encrypt email, a finding similar to last year's 28%. Furthermore, 33% of respondents are not confident in their company's email encryption policy.
  • Email Encryption Budgets

    42% of respondents said their company will spend at least $10,000 during 2015 on email encryption.
  • Mobile Encryption Lacking

    86% of respondents said their organization permits employees to use mobile devices for email, but of those who can encrypt email and allow email use on mobile, 36% cannot directly send and receive encrypted email from their mobile email client.
  • Smaller Organizations, Greater Email Risk

    47% of respondents from small organizations said email encryption is not enabled on mobile compared to 31% for large organizations.
  • Lackluster Compliance Confidence

    50% of respondents believe it is "somewhat likely" their company may be selected for a compliance audit within 2015. And 60% admit they are only "somewhat confident" their organization would pass such an audit.
  • Efforts to Reduce Risk

    66% of respondents said their organization is training employees to improve compliance and security policy adherence.
  • How to Reduce Risk

    43% said their companies use technology to monitor and report security risks. 50% said they are communicating more about their policies.
  • HIPAA/HITECH'S Longtail

    70% of respondents said their organizations have a business relationship with a health care entity and also process Protected Health Information (PHI). However, 25% either are not a HIPAA business associate or are unsure whether they are.
  • Unclear HIPAA Business Associate Agreements

    HIPAA regulations define business associates as downstream entities, such as subcontractors, data backup companies and personal health record providers. 40% of respondents had either not been asked to sign a business associate agreement, or were unsure whether they had done so, putting health care entities they work with at risk for noncompliance.
 

A new study finds significant security risk occurring in the enterprise, with one-fifth of employees violating their company's compliance and security policies simply to get their jobs done. According to DataMotion's third annual survey on corporate email and transfer habits, companies increasingly put security and client compliance policies in place–90% of respondents this year compared to 81% last year. Yet one-third of the respondents said employees don't fully understand those policies. 44% admit that their policies are only moderately enforced. Three-quarters of respondents said employees violate policies at least occasionally. The study polled 780 IT and business decision makers in the United States and Canada, focusing on those who routinely work with sensitive data and compliance regulations in health care, financial services, education, government and other industries. The study also addresses HIPAA compliance. Bob Janacek, CTO at DataMotion, said "The data show a gaping hole in security when it comes to mobile devices–with many companies permitting their use but not taking into account their lack of email encryption capabilities."

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
