Workers Routinely Dodge Security Policies
30% of respondents cannot encrypt email, a finding similar to last year’s 28%. Furthermore, 33% of respondents are not confident in their company’s email encryption policy.
42% of respondents said their company will spend at least $10,000 during 2015 on email encryption.
86% of respondents said their organization permits employees to use mobile devices for email, but of those who can encrypt email and allow email use on mobile, 36% cannot directly send and receive encrypted email from their mobile email client.
47% of respondents from small organizations said email encryption is not enabled on mobile compared to 31% for large organizations.
50% of respondents believe it is “somewhat likely” their company may be selected for a compliance audit within 2015. And 60% admit they are only “somewhat confident” their organization would pass such an audit.
66% of respondents said their organization is training employees to improve compliance and security policy adherence.
43% said their companies use technology to monitor and report security risks. 50% said they are communicating more about their policies.
70% of respondents said their organizations have a business relationship with a health care entity and also process Protected Health Information (PHI). However, 25% either are not a HIPAA business associate or are unsure whether they are.
HIPAA regulations define business associates as downstream entities, such as subcontractors, data backup companies and personal health record providers. 40% of respondents had either not been asked to sign a business associate agreement, or were unsure whether they had done so, putting health care entities they work with at risk for noncompliance.