Workers Routinely Dodge Security Policies | CIO Insight


Mar 17, 2015

Lack of Email Encryption

30% of respondents cannot encrypt email, a finding similar to last year’s 28%. Furthermore, 33% of respondents are not confident in their company’s email encryption policy.

Email Encryption Budgets

42% of respondents said their company will spend at least $10,000 during 2015 on email encryption.

Mobile Encryption Lacking

86% of respondents said their organization permits employees to use mobile devices for email, but of those who can encrypt email and allow email use on mobile, 36% cannot directly send and receive encrypted email from their mobile email client.

Smaller Organizations, Greater Email Risk

47% of respondents from small organizations said email encryption is not enabled on mobile compared to 31% for large organizations.

Lackluster Compliance Confidence

50% of respondents believe it is “somewhat likely” their company may be selected for a compliance audit within 2015. And 60% admit they are only “somewhat confident” their organization would pass such an audit.

Efforts to Reduce Risk

66% of respondents said their organization is training employees to improve compliance and security policy adherence.

How to Reduce Risk

43% said their companies use technology to monitor and report security risks. 50% said they are communicating more about their policies.

HIPAA/HITECH’s Longtail

70% of respondents said their organizations have a business relationship with a health care entity and also process Protected Health Information (PHI). However, 25% either are not a HIPAA business associate or were unsure whether they are.

Unclear HIPAA Business Associate Agreements

HIPAA regulations define business associates as downstream entities, such as subcontractors, data backup companies and personal health record providers. 40% of respondents had either not been asked to sign a business associate agreement, or were unsure whether they had done so, putting health care entities they work with at risk for noncompliance.

Karen A. Frenkel

Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.
