Most businesses have email security policies in place, finds survey

A recent survey paints a positive picture of email security, but compliance problems remain.

Only 20 per cent of companies have a full understanding of their obligations regarding email-use regulations. The alarming finding in a survey by Diagonal Security comes despite the 75 per cent who have policies in place and the majority’s belief that effective email management improves operational efficiency and reduces business continuity risks.

Despite mounting pressure from regulations and legislation such as the Sarbanes-Oxley Act, Data Protection Act and Companies Bill, eight per cent are not aware whether their organisation has an email policy. The survey of executives in the public sector, financial services, retail, manufacturing, utilities and media suggests education and training are key to successful policy implementation.

The financial services industry, already facing compliance with around nine new regulations, offers a particularly worrying picture. While other industries claim fewer executives have a full understanding of email regulations, the findings suggest messages are only reaching 20 per cent.

Until recently, ‘litigation culture’ meant email regulations centred on protecting staff from potentially offensive spam. Now, however, new laws dictate that spam filters operate in their least aggressive modes to avoid deleting business-critical information – which also makes email management a greater priority.

In addition, the retail sector deviates from the majority, reporting overall that effective email management will not improve operational efficiency. However, the highest proportion of respondents from this sector stated they do believe effective email lifecycle management reduces exposure to business continuity problems.

“Essentially we’ve found that companies are very good at creating the policies and filling out the paperwork but they are simply paying lip service to the laws if they do not invest in educating their staff on their personal responsibilities,” commented Diagonal Security’s principal consultant Michael Stimson.

“I am encouraged that the majority of organisations have formal procedures in place but they need to revisit them at least annually, thoroughly training all their staff on why the regulations are in place.”