There is a far-reaching communications disconnect between IT management and non-IT employees on security and compliance policies when it comes to corporate email and file transfer habits, according to a survey of more than 400 IT decision makers by email encryption provider DataMotion.
The report also indicated that a disturbing percentage of IT managers are knowingly taking compliance risks and even turning off essential capabilities due to technology issues.
While IT and non-IT respondents overwhelmingly said their companies have a formal process for updating and communicating security and compliance policies for transferring files electronically, a larger percentage of non-IT personnel (75.5 percent) versus IT management (61.9 percent) believe employees and coworkers fully understand these policies.
Although 94.2 percent of IT management said mobile devices for corporate email are allowed, only 62 percent of non-IT personnel agreed – yet most still use them. Among organizations with email encryption capabilities, 44.4 percent still lack the ability to send and receive encrypted email from their mobile email client.
"It’s good to see improvements in security and compliance since last year, but serious problems remain and new ones have cropped up," Bob Janacek, DataMotion’s chief technology officer, said in a statement. "There’s always a demand for new tools such as email on mobile devices – companies and workers look for better ways to get the job done. The challenge is to provide encryption and filtering tools that are easy for people to use, and dependable so they don’t get disabled."
While 56.1 percent of IT management said they have a bring your own device (BYOD) policy in place, 74.9 percent of non-IT employees say they either don’t have a policy or are unsure, another clear indication that policies are not being effectively communicated.
Overall, just 44 percent of respondents said their company has a BYOD policy, even as 86.7 percent of these same organizations permit the use of mobile devices for email.
Nearly two-thirds (62.6 percent) of IT management said policy filtering, used to monitor the content of outbound email and file attachments for compliance purposes, causes problems with false positives (unnecessarily encrypted emails), and nearly a quarter (24.2 percent) admit to having gone as far as turning off their policy-based filtering.
"IT has to keep pace, which is why the communications disconnect with non-IT employees, as well as the risks being taken, require immediate attention. Furthermore, regulatory developments in many industries have expanded; meaning companies not previously covered, might be now. Failing to comply can be devastating," Janacek said. "These survey findings give us a textured understanding that hopefully will help businesses overcome and anticipate related issues, especially in an age where security and compliance can so dramatically impact the bottom line."
More than half (51.6 percent) of IT management said free consumer-type file transfer services are forbidden at their companies. Yet, only 24 percent of non-IT workers reported that to be the case.
Of the 80.9 percent of respondents who said their company has security and compliance policies for transferring files electronically, 59 percent described enforcement as "very aggressive", a nearly 12 percent increase over 2012.