Sensitive data often lacks email security controls

June 26, 2012 | Topic : Email Security

Phishing and XXS threats demand heightened attention to security software

Even as most organizations send highly-sensitive information through email on a daily basis, only 26 percent of companies are confident in the email security precautions currently in place, according to a survey by PhoneFactor.

Eighty percent of those surveyed claimed that password verification was the only security step for a hacker to gain access to at least some company emails. Just 26 percent of organizations required two-factor authentication for account access, despite 74 percent finding its use to be at least somewhat critical.

Email security in general was found to be important by 96 percent of those surveyed, with 33 percent looking to add more controls in the coming year.

Data sent via company email was considered sensitive by 73 percent of the respondents, with information about business processes and corporate strategy the most likely to be discussed. Fifty-nine percent of those surveyed said they sent outbound email containing that type of proprietary company information, with sales information (54 percent) and sensitive customer information (49 percent) also commonly transmitted.

Corporate executives were even more likely to send and receive important emails, with 76 percent claiming to possess emails containing budgeting details and 63 percent about product plans. While public embarrassment was the top concern of a loss, regulatory compliance was also a major looming issue.

Some of the additional access concerns beyond a lack of protection were related to the growing use of mobile in the business environment. Only 2 percent of respondents claim that employees do not access email outside of the office, with personal mobile devices the most common avenue at 70 percent.

Controls enabling the use of secure email on mobile devices are only present in 39 percent of companies, according to a study from Ponemon Institute. The same study also discovered that with such limited security in place, 63 percent of data breaches were tied to the use of mobile devices.