Unlike the good old days of Watergate when people actually had to break into offices to leak information, email is the top culprit when it comes to government data leaks, according to a study by MeriTalk, an online resource for government IT and sponsored by software company Axway. Entitled “The Encryption Enigma,” the report looks at how federal information security and email management professionals view email security and encryption issues.
While email encryption is an essential component of securing sensitive government information, the report found 47 percent of agencies say there is a need for better email policies and 45 percent report that employees do not follow these policies. More troubling is the indication that agencies may be unable to enforce email policies unless their email gateways explicitly decrypt and scan desktop-encrypted email, despite meeting these policies.
“Email encryption is an important tool for protecting sensitive information, but agencies must be sure that encryption is not making outbound emails so opaque that sensitive information can pass through without detection,” Michael Dayton, senior vice president of Axway’s security solutions group, said in a statement. “Agencies themselves may be providing the tools by which federal workers are leaking critical information—intentionally or not.”
With a single federal agency sending and receiving an average of 47.3 million emails each day—averaging 1.89 billion emails per day for the federal government overall—it is unsurprising that 79 percent of federal information security and email management professionals view cyber-security is a top priority, but only 25 percent of those surveyed said they would give themselves an “A” rating when it comes to effective security.
The report also found a lack of budget, cited by 46 percent of survey respondents, was the top barrier to securing federal email, followed by the lack of employees adhering to security policies (45 percent), the rise of mobile technologies (30 percent) and the lack of training (29 percent). More than half (55 percent) of survey respondents suggest improved end-user training and 54 percent suggest advanced email security technology to surmount these challenges.
The survey indicated email encryption is a growing issue for federal IT managers, with 51 percent of information security professionals seeing email encryption becoming a more significant problem for federal agencies in the next five years. In addition, 80 percent of information security managers said they were concerned about the possibility of data loss prevention violations encrypted in emails, while 58 percent of respondents said they believe encryption makes it harder to detect when valuable or sensitive data is leaving the agency.
“This is particularly troubling, given that 83 percent of federal agencies provide users with the ability to encrypt outbound email. Email is the number one way unauthorized data, including classified and sensitive information, leaves federal agencies followed by agency-issued mobile devices and USB flash drives,” the report noted. “In a number of cases, the very encryption that may be used to ensure the security of information becomes the tool for hiding sensitive information as it leaves through the email gateway.”