‘Generation Gmail’ Threatens Corporate Data Security

A new generation of social media savvy employees is reportedly putting businesses at risk, displaying a blasé attitude to corporate intellectual property flowing outside the organisation and being stored on public servers.

According to research by email management firm Mimecast, the emerging group of young workers – which it dubs ‘Generation Gmail’ – is becoming increasingly frustrated by the restrictions imposed on their business email accounts, prompting them to create ‘workarounds’ which put corporate data at risk.

“With social networks and personal email a ubiquitous part of their life, the way email is used by this demographic is bleeding into the workplace. So it is not surprising that expectations for workplace technology are shifting accordingly,” said Nathaniel Borenstein, chief scientist at Mimecast. “The results find workers frustrated with corporate restrictions and working around these using personal email accounts in order not to affect their productivity or flexibility.”

Corporate email not adequate

The study found that 85 percent of under 25s send work-related emails or documents to or from personal email accounts. This is largely due to a sense of frustration with traditional workplace tools and regulations. Over half of under 25s said that if they had an unlimited work mailbox they would be less likely to send work emails to personal accounts, the report claims.

Of those surveyed in the age group, 52 percent rated their personal email account more highly than their work email in terms of mailbox size, compared to just 29 percent of over 55s.

Meanwhile, more than a third (36 percent) of incoming emails to work inboxes are non-work related, according to Mimecast. The average employee under 25 also reportedly sends around three emails a week containing corporate IP and potentially sensitive information outside of their corporate environment.

“Employees increasingly mix and match technologies, using devices and platforms interchangeably to find workarounds that maximise their flexibility and productivity,” said Borenstein. “Employers need to work out what they are going to do in the face of this cultural shift.”

The insider threat

However, email governance is just one of the problems that businesses need to consider when protecting their intellectual property and sensitive information. As Sophos senior technology consultant Graham Cluley told eWEEK Europe last year, the main cause of security breaches is still human error, and the ‘insider threat‘ comes in many forms.

Research by Imperva released in November reveals that 70 percent of employees plan to steal confidential data when leaving their job, with intellectual property and customer records topping the list. Imperva blames the lack of data protection policies within UK companies, claiming that most organisations do not have a policy to remove stored data from employees’ laptops upon departure.

“It seems most employees have no deliberate intention to cause the company any damage,” said Imperva CTO Amichai Shulman. “Rather, this survey indicates that most individuals leaving their jobs suddenly believe that they had rightful ownership to that data just by virtue of their corporate tenure.”

Meanwhile, the Information Commissioner’s Office (ICO) has been cracking down on data breaches over the last year. Ealing and Hounslow councils were slapped with stiff financial penalties earlier this month, after losing laptops that contained sensitive personal data. The ICO has the power to impose fines of up to half a million pounds.

Sophie Curtis

View Comments

  • I can concur with this, I personally know of an instance of an employee sent customer data to a Hotmail account so she could work on it at home, subsequently she left the business and her new employer is being accused of using their data. We are seeing more and more interest in the solutions that can dramatically reduce the risk as customers are now asking their IT advisor/provider for a solution to this tricky problem.

    Mark Adams
    CCO - Cloudmore

  • This is a valid issue, and one I would imagine quite a few employers have not considered as being a major problem until an instance arises. I work in the security sector for iCritical a mail and web security vendor. It’s important to highlight this as not being a mail issue, but rather a web security issue. We have a product for instance that allows organisations to prevent sensitive data from leaving the network not just by the means of web mail but also instant messaging "file transfer" & Web page up-loads both just as mush of a threat for data leakage as web mail is. This is why it’s just and important to focus on Web filtering as much as Mail filtering.

    Craig Copeland - iCritical

  • This is really interesting - work email capacity should always be greater than personal accounts if in any way required, especially as most cloud systems allocate 25GB and are cheaper.
    Most interesting though is this 'most organisations do not have a policy to remove stored data from employees’ laptops upon departure'
    Surely if the issue is people using their external email and dropbox or the like - removing files from an employees laptop is completely pointless as it can be stored online or on a flash drive. Such a process would surely just disenfranchise employees and drive a wedge between themselves and management whilst not stopping anyone from taking anything. IT can't stop employee data theft, the only way to do this really is to make them not want to do it in the first place.

Recent Posts

Baltic Sea Power Cable Severed In Latest Incident

Undersea internet and power cable in Baltic sea between Finland and Estonia suffers outage. Finland…

2 days ago

US Begins Investigation Into Legacy Chinese Chips

The Biden Administration has launched a last-minute investigation into older Chinese-made legacy semiconductors - weeks…

2 days ago

Iran Lifts Ban On WhatsApp, Google Play

State media reports the Iranian regime has lifted the ban on WhatsApp and Google Play,…

2 days ago

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

5 days ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

5 days ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

5 days ago