Work Email The Number One Source of Government Data Leaks

Email encryption is designed to keep sensitive information safe but Federal information security and email management professionals say standard email is the number one way unauthorised data leaves an agency. A new study by MeriTalk and sponsored by Axway, titled “The Encryption Enigma,” looks at how Federal information security and email management professionals view email security and encryption issues.

A single Federal agency sends and receives an average of 47.3 million emails each day, averaging 1.89 billion emails per day for the Federal government overall. While 79 percent of Federal information security and email management professionals say cyber security is a top priority, only one in four give the security of their current email solution an “A.”

This is particularly troubling given that 83 percent of Federal agencies provide users with the ability to encrypt outbound email. Email is the number one way unauthorised data, including classified and sensitive information, leaves Federal agencies followed by agency-issued mobile devices and USB flash drives. In a number of cases, the very encryption that may be used to ensure the security of information becomes the tool for hiding sensitive information as it leaves through the email gateway.

More from Biztech

Future Group - Reliance Retail Deal approved by CCI RBI ban on cryptocurrencies takes effect; prohibition could force investors to tap the black market

Most agencies (84 percent) believe that they are safe and support the inspection of desktop-encrypted email. However, to effectively support the inspection of desktop-encrypted emails, agencies must:

• Validate all email users;

• Have proper email polices in place; and

• Ensure users must follow correct email policies.

Currently, 47 percent of agencies cite the need for better email policies and 45 percent report that employees do not follow these policies. In fact, even if these three conditions are met, agencies may be unable to enforce email policies unless their email gateways explicitly decrypt and scan desktop-encrypted email.

“Email encryption is an important tool for protecting sensitive information, but agencies must be sure that encryption is not making outbound emails so opaque that sensitive information can pass through without detection,” said Michael Dayton, Senior Vice President, security solutions group, Axway. “Agencies themselves may be providing the tools by which Federal workers are leaking critical information – intentionally or not.”

Email encryption is a growing issue with 51 percent of information security professionals seeing email encryption becoming a more significant problem for Federal agencies in the next five years. In addition, 80 percent of information security managers are concerned about the possibility of data loss prevention violations encrypted in emails and 58 percent believe encryption makes it harder to detect when valuable or sensitive data is leaving the agency.

Furthermore, file sharing through email is another collaboration tool that needs to be secure, especially when the files being shared contain critical data. The ability to enforce encryption of certain documents in an automated way and also provide Federal agencies with the ability to decrypt files is key to ensuring secure file sharing through email.

Federal information security and email management professionals say the top barriers to securing Federal email are:

• Lack of budget (46 percent);

• Lack of employees adhering to security policies (45 percent);

• The rise of mobile technologies (30 percent); and

• Lack of training (29 percent).

To overcome these challenges, 55 percent of survey respondents suggest improved end-user training and 54 percent suggest advanced email security technology.