14 DAY TRIAL // Phone-based multi-factor authentication provider PhoneFactor released the results of a survey aimed at identifying how much sensitive information companies send via email, but also how well they protect it. The figures are not optimistic at all, in most of the cases an email username and a password being the only security measures.
Of the 400 IT professionals that took part in the study, around 73% admitted to sending highly sensitive information by email. This data includes details on business processes and corporate strategy (59%), sales quotes and RFPs (54%), intellectual property, budgets and sales forecasts, and even customer information.
With larger organizations it’s even worse, the information regularly transmitted in emails including reviews, compensation plans, and employee details such as social security numbers.
According to the report, there are three main things that executives fear in case the information they send or receive was stolen: public embarrassment and the impact on the company’s reputation (59%), the loss of trust from customers (54%), and the loss of trust among employees (49%).
For a large organization in general, public embarrassment is an even bigger concern (73%). On the other hand, healthcare and government firms fear that in case their email systems are breached, they would not only face fines and penalties, but their workflow would also be disrupted.
Another issue that generates concerns is the fact that most companies are BYOD-friendly, a practice that increases the risks.
While most of the respondents admitted that email security was important, around three quarters were not very confident that their existing systems were able to prevent attacks. Apparently, the ones who are confident that their email accounts are safe are those who require their employees to use two-factor authentication systems.
Here’s a video made available by PhoneFactor for the 2012 email security survey:
