Plugging Data Leaks in US
Nearly four in ten companies have staff whose main job is to monitor
the outgoing email of colleagues, according to US data security
research. More than a third of the companies surveyed hired staff
to perform only that monitoring function.
Email security company Proofpoint interviewed email chiefs at
220 companies which employed more than 1,000 people. It found
that companies were so worried about employees leaking information
via email that 38% of them paid other employees to
"An increasing number say they employ staff to read or
otherwise analyze the contents of outbound email (38 percent, up
from 29 percent in 2008)," said a Proofpoint statement. "The pain of
data leakage has become so acute in 2009 that more US
companies report they employ staff whose primary or exclusive job is
to monitor the content of outbound email (33 percent, up from 15
percent in 2008)."
The survey suggested that companies have reason to be careful. Proofpoint said that 43% of the companies told it that they had investigated email leaks of confidential information in the past year. "Nearly a third [of companies], 31 percent, terminated an employee for violating email policies in the same period (up from 26 percent in 2008)," said Proofpoint's statement.
Blogs are also increasingly a source of concern for companies. The survey found that 18% of the companies it spoke to had conducted an investigation into employees' use or blogs or message boards and 17% had disciplined an employee for breaking company rules on their use. Workers had been fired over blog and message board use at 9% of the companies interviewed.
The research also uncovered the dissemination of sensitive or valuable company information through social networks such as LinkedIn, Facebook or MySpace. It found that 17% of companies had had information exposed through those channels, and that 8% had fired employees because of it.
Proofpoint said some data leaks being experienced by companies are related to the economic downturn. It found that 18% of companies believed a leak was related to an employee who was leaving the company, and that 42% of firms believed that increasing layoffs at their firm created an increased risk of data leakage.
Morag Hutchison, an employment law expert at Pinsent Masons, the law firm behind OUT-LAW.COM, said that if companies in the UK want to take action against individuals relating to their email or internet use then they have to have clearly spelled out at the outset what is and is not allowed.
"We advise employers to ensure that they have a email and internet use policy setting out what, if any, personal use of the internet and email is allowed at work," said Hutchison. She said that any policy had to be actively communicated to have any effect.
"It is important that this policy is clearly communicated to all employees and that the employer monitors compliance of it and takes the appropriate enforcement action if they discover a breach. The internet policy should also cross reference the disciplinary policy that the employer is required to follow," she said. "It is also important that the policy is consistently applied, and not just applied to people the company wants to let go."