A new generation of social media savvy employees is reportedly putting businesses at risk, displaying a blasé attitude to corporate intellectual property flowing outside the organisation and being stored on public servers.
According to research by email management firm Mimecast, the emerging group of young workers – which it dubs ‘Generation Gmail’ – is becoming increasingly frustrated by the restrictions imposed on their business email accounts, prompting them to create ‘workarounds’ which put corporate data at risk.
“With social networks and personal email a ubiquitous part of their life, the way email is used by this demographic is bleeding into the workplace. So it is not surprising that expectations for workplace technology are shifting accordingly,” said Nathaniel Borenstein, chief scientist at Mimecast. “The results find workers frustrated with corporate restrictions and working around these using personal email accounts in order not to affect their productivity or flexibility.”
The study found that 85 percent of under 25s send work-related emails or documents to or from personal email accounts. This is largely due to a sense of frustration with traditional workplace tools and regulations. Over half of under 25s said that if they had an unlimited work mailbox they would be less likely to send work emails to personal accounts, the report claims.
Meanwhile, more than a third (36 percent) of incoming emails to work inboxes are non-work related, according to Mimecast. The average employee under 25 also reportedly sends around three emails a week containing corporate IP and potentially sensitive information outside of their corporate environment.
“Employees increasingly mix and match technologies, using devices and platforms interchangeably to find workarounds that maximise their flexibility and productivity,” said Borenstein. “Employers need to work out what they are going to do in the face of this cultural shift.”
However, email governance is just one of the problems that businesses need to consider when protecting their intellectual property and sensitive information. As Sophos senior technology consultant Graham Cluley told eWEEK Europe last year, the main cause of security breaches is still human error, and the ‘insider threat‘ comes in many forms.
Research by Imperva released in November reveals that 70 percent of employees plan to steal confidential data when leaving their job, with intellectual property and customer records topping the list. Imperva blames the lack of data protection policies within UK companies, claiming that most organisations do not have a policy to remove stored data from employees’ laptops upon departure.
“It seems most employees have no deliberate intention to cause the company any damage,” said Imperva CTO Amichai Shulman. “Rather, this survey indicates that most individuals leaving their jobs suddenly believe that they had rightful ownership to that data just by virtue of their corporate tenure.”
Meanwhile, the Information Commissioner’s Office (ICO) has been cracking down on data breaches over the last year. Ealing and Hounslow councils were slapped with stiff financial penalties earlier this month, after losing laptops that contained sensitive personal data. The ICO has the power to impose fines of up to half a million pounds.
Apple fined 150m euros over App Tracking Transparency feature that it says abuses Apple's market…
OpenAI to release customisable open-weight model in coming months as it faces pressure from open-source…
Samsung's Bespoke AI-powered fridge monitors food to create shopping lists, displays TikTok videos, locates misplaced…
Huawei sees 38 percent jump in consumer revenues as its smartphone comeback continues to gather…
In world-first, China approves commercial flights for EHang autonomous passenger drone, paving way for imminent…
Microsoft closes down IoT and AI lab it operated in Shanghai tech district in latest…
View Comments
I can concur with this, I personally know of an instance of an employee sent customer data to a Hotmail account so she could work on it at home, subsequently she left the business and her new employer is being accused of using their data. We are seeing more and more interest in the solutions that can dramatically reduce the risk as customers are now asking their IT advisor/provider for a solution to this tricky problem.
Mark Adams
CCO - Cloudmore
This is a valid issue, and one I would imagine quite a few employers have not considered as being a major problem until an instance arises. I work in the security sector for iCritical a mail and web security vendor. It’s important to highlight this as not being a mail issue, but rather a web security issue. We have a product for instance that allows organisations to prevent sensitive data from leaving the network not just by the means of web mail but also instant messaging "file transfer" & Web page up-loads both just as mush of a threat for data leakage as web mail is. This is why it’s just and important to focus on Web filtering as much as Mail filtering.
Craig Copeland - iCritical
This is really interesting - work email capacity should always be greater than personal accounts if in any way required, especially as most cloud systems allocate 25GB and are cheaper.
Most interesting though is this 'most organisations do not have a policy to remove stored data from employees’ laptops upon departure'
Surely if the issue is people using their external email and dropbox or the like - removing files from an employees laptop is completely pointless as it can be stored online or on a flash drive. Such a process would surely just disenfranchise employees and drive a wedge between themselves and management whilst not stopping anyone from taking anything. IT can't stop employee data theft, the only way to do this really is to make them not want to do it in the first place.