Who's been reading your email?

Jun 07 2006 by Brian Amble Print This Article

With email abuse on the increase, more than a third of large companies in the U.S. and UK have gone as far as to hire staff to snoop on outbound emails for leaks of confidential information or content that can pose real legal, financial and regulatory risks.

According to a new report by Forrester Consulting for security firm ProofPoint, companies estimate that around one in every five outgoing emails contains unacceptable content, with 'adult, obscene or potentially offensive' material the most commonplace.

As a result, almost a third of companies have fired an employee for violating email policies in the past year. Seven out of 10 UK firms and more than half of those in the U.S. have also disciplined an employee for violating email policies over the past 12 months.

The study found that nearly four out of 10 (38 per cent) of U.S. and UK companies with 1,000 or more employees hire staff to read or analyze outbound email, with companies employing more than 20,000 workers even more likely to do so.

almost a third of companies have fired an employee for violating email policies in the past year

But companies do appear to have good reason to worry. More than half of UK firms and one in three of those in the U.S. have investigated leaks of confidential or proprietary information in the past year and over a third have dealt with violations of privacy or data protection regulations.

What's more, around a third of the firms surveyed admitted that their business has been impacted by the exposure of sensitive or embarrassing information.

One in five U.S. firms and one in seven of those in the UK have suffered the improper exposure or theft of customer information, while 15 per cent of firms on both sides of the Atlantic have fallen victim to the theft of intellectual property.

Mark Hughes, European managing director at Proofpoint, said that outbound security leaks can cause untold damage.

"Outbound security breaches can have disastrous effects on a company's branding – last year Paris Hilton's phone records were released to the media by a T-mobile employee basically telling the world that a customer's personal details are not safe with T-mobile."

The study also found that other communications channels, such as blogs and instant messaging, are increasingly emerging as sources of risk for companies.

In particular, more than one in five firms said that they have disciplined an employee for violating blog or message board policies in the past 12 months with some seven per cent of U.S. firms and four per cent of those in the UK going as far as to sack an employee over the same infraction.

More than one in 10 public companies also found themselves having to investigate the exposure of material financial information via a blog or message board posting in the past year.

Employers say that they have good reasons to worry about employee e-mails. In the U.S, a quarter of those surveyed have been ordered by courts or regulators to hand over e-mail records and Federal prosecutors are increasingly using e-mail records in high-profile fraud or misconduct cases such as the recent convictions of Enron executives Ken Lay and Jeffrey Skilling.

It is a similar story in the UK, where the Regulation of Investigatory Powers Act, the Lawful Business Practice Regulations and the Data Protection Act all provide for the interception of companies' logs and e-mails.