Email still the top source of data loss

Email continues to be the number one source of data loss risks in large enterprises as more than a third (35 percent) investigated a leak of confidential or proprietary information via email in the past 12 months, according to Proofpoint.

At the same time, the number of data loss events associated with social media channels continued to increase. Employee misuse of email, work-owned mobile devices, and popular social media tools including Facebook, LinkedIn, Twitter, video sharing sites, forums and blogs resulted in an increasing number of disciplinary actions—including termination—as enterprises demonstrate increasing concern about securing sensitive data.

Despite a growing awareness of data loss risks, large enterprises continue to be impacted by data loss at a surprising rate:

• Thirty-six percent of respondents said their organization was impacted by the exposure of sensitive or embarrassing information in the past 12 months.
• Thirty-one percent of respondents said their organization was impacted by the improper exposure or theft of customer information in the past 12 months.
• Twenty-nine percent of respondents said their organization was impacted by the improper exposure or theft of intellectual property in the past 12 months.

Enterprise concerns and data loss events from social media continued to rise in the past 12 months:

Social networking sites
Twenty percent of companies investigated the exposure of confidential, sensitive or private information via a post to a social networking site. Seven percent of companies terminated an employee for social networking policy violations. Twenty percent disciplined an employee for such violations.

Fifty-three percent are highly concerned about the risk of information leakage via social networking sites. Fifty-three percent explicitly prohibit the use of Facebook, while 31 percent explicitly prohibit use of LinkedIn.

Blog and message board postings
Twenty-five percent of companies investigated the exposure of confidential, sensitive or private information via a blog or message board posting. Eleven percent of companies terminated an employee for blog or message board posting policy violations. Fifty-four percent are highly concerned about the risk of information leakage via blogs and message boards.

SMS and Web-Based Short Messaging Services
Seventeen percent of companies investigated the exposure of confidential, sensitive or private information via one of these services. Fifty-one percent are highly concerned about the risk of information leakage. Forty-nine percent explicitly prohibit the use of Twitter.

Media sharing sites
Eighteen percent of companies investigated the exposure of confidential, sensitive or private information via shared video or audio media. Nine percent of companies terminated an employee for media sharing/posting policy violations. Twenty-one percent disciplined an employee for such violations. Fifty-two percent are highly concerned about the risk of information leakage. Fifty-three percent explicitly prohibit the use of media-sharing sites.

Email still the number one data loss threat

• Thirty-five percent of companies investigated the exposure of confidential or proprietary information via email in the past 12 months. Thirty-two percent investigated a suspected violation of privacy or data protection regulations related to email. Twenty percent terminated an employee for violating email policies. Fifty percent disciplined an employee for such violations.
• Fifty-five percent are highly concerned about the risk of information leakage via the organization’s email system. On average, respondents estimate that as many as one in five outbound email messages contains content that poses a legal, financial or regulatory risk.
• Thirty-seven percent employ staffs to monitor the content of outbound email and 48 percent perform regular audits of outbound email content.