A survey of 203 federal information security professionals conducted by Meritalk recently uncovered several concerning trends regarding the security of government data. Nearly eight in 10 respondents cited cybersecurity as their agency's top priority, yet only 25 percent believed that their email security protections were sufficient. This is particularly worrisome considering that an average of 47.3 million emails are sent and received by the surveyed agencies each day.
While 83 percent of federal agencies advocate for and enable users to encrypt information contained in outbound emails, this data security provision has had some unintended consequences. At the heart of the matter is the fact that 58 percent of security managers believe encryption restricts administrative visibility and makes it harder to detect when sensitive information is exiting approved agency channels.
“Email encryption is an important tool for protecting sensitive information, but agencies must be sure that encryption is not making outbound emails so opaque that sensitive information can pass through without detection,” said research coordinator and Axway senior vice president Michael Dayton. “Agencies themselves may be providing the tools by which federal workers are leaking critical information – intentionally or not.”
Private sector struggles
These revelations come on the heels of last year's Ponemon Institute survey of 830 private sector information technology, security and compliance professionals, which found that nearly half of respondents believed email was the main channel for data leaks within their organization. Many of these incidents could be traced back to user error, with 63 percent of respondents saying they felt that employees had sent confidential information to unintended recipients by accident. Although such activity is harder to quantify, many administrators still harbored suspicions of malicious insider activity.
Perhaps more so in the private than in the public sector, organizations could also be suffering from a lack of awareness of the compliance considerations that surround digital communications. More than 80 percent of respondents to the Ponemon survey said that they did not know what, if any, information needed to be encrypted.
These poor data protection fundamentals may only lead to more incidents in an era when removable storage devices persist in the workplace and the influx of mobile devices is introducing entirely new questions for companies to ponder. IT and compliance officers would be wise to take stock of employee awareness across departments and ensure data management privileges are tied to explicit expectations.
Data Security News from SimplySecurity.com by Trend Micro