Mimecast’s Generation Gmail Report has revealed that rogue emailing ‚ using personal email accounts to send and receive work documents – and the associated information security risk is exacerbated by the laissez-faire attitude of most South African employers.
The internationally commissioned study investigating attitudes to work email use was conducted in South Africa, the UK, US and Canada. The South African results revealed how noticeably local attitudes to email differ. Christelle Hicklin, customer experience manager at Mimecast SA, says that what make the South African results so interesting are the extremes.
82% of respondents say that email is their preferred method of communication, versus only 66% of the total sample. ‚An incredible 97% of South Africans consider it essential that their email is problem-free. This understanding of how much South African corporate users love email explains some of the other, no less extraordinary, but a lot more worrying results,‚ says Hicklin.
81% of South African email users send work emails from their personal email accounts with one in five doing it on a regular basis. While almost 80% realize this exposes their companies to risk, close to half feel it’s still an acceptable practice.
‚When I first read these results I was dumbfounded,‚ says Hicklin. ‚The obvious disconnect between knowing something is bad but not changing behaviour is perplexing. That is until I realized that most email users are choosing what they consider to be the lesser of the two evils.‚
Corporate users are working around the email policies, mailbox limitations and email size restriction to get their work done. The reason behind sending email to and from personal email accounts is primarily to work from home.
71% of respondents are simply trying to get the job done. 23% use personal email when the files are too big to get through the corporate server and almost one in five use a personal account because the content of the email is too confidential to trust the corporate network.
‚All this information tells us that while data leakage is the biggest risk with rogue emailing, it is not what the average user’s intent. Only 6% admitted to using personal accounts to ensure that they could have the information once they left the company. It’s funny when you think about it – it’s our good old fashioned work ethic and can-do attitude that’s putting companies at risk.‚
Employees’ attitudes to rogue emailing is made worse by South African organizations’ not taking responsibility for their email policies. ‚Employee behaviour can and should be influenced by company policy and culture. With only half of the respondents confirming the existence of a policy it’s clear that businesses need to get more actively involved in communicating, educating and enforcing email usage that protect the company, while supporting the needs of the users. It appears that often organizations fail at both ‚ setting rules and creating an email environment that truly addresses the needs of their staff,‚ says Hicklin.
There are technology answers to the issue of rogue emailing. Addressing the issues of mailbox size limitations, message size restrictions and email policy deployment can be done via technology but the human issues require a much more human intervention.
‚Companies need to start with a two-pronged approach. The needs of users must be balanced with clear policies and education programmes to ensure employees truly understand the impact of rogue emailing. The procedural clarity with some education and change management is the only way to protect organizations from their workaholic, productivity focused staff,‚ concludes Hicklin.