A news release from the Sunnyvale, California-based Proofpoint, an e-mail security consultant, said 34% of survey respondents reported the leak of sensitive or embarrassing information in 2009, up from 23% the year before.
The economic downturn has not only made the problem more complex, it has made it more difficult for companies to find the necessary resources with which to combat it, the news release said. For example:
- 50% of respondents say that budget constraints have hurt their organization’s ability to protect confidential, proprietary, or sensitive information in the past 12 months.
- 42% of respondents say that increasing numbers of layoffs at their organizations in the past 12 months have created an increased risk of data leakage. Some 47% of respondents report that layoffs of IT staff have negatively impacted their organization’s ability to protect confidential, proprietary and sensitive information in the past 12 months.
- 18% of U.S. companies investigated a suspected leak or theft of confidential or proprietary information associated with an employee leaving the company (e.g., through voluntary or involuntary termination) in the past 12 months.
Social Network Danger?
But the danger signs are coming from more places than just traditional email boxes, according to Proofpoint. More U.S. companies are suffering data leaks involving networking Web sites such as Facebook or LinkedIn this year compared to last year (17% versus 12%).
The number of employers firing workers for those security violations was also up in 2009 – 8% vs. 4% last year, the news release said. Even the increasingly popular Twitter network presented problems with its short messages. Some 13% of U.S. companies investigated an exposure event involving mobile or Web-based short message services in the past 12 months, according to the survey.
In response to the electronic security issues, according to the survey, 38% of firms said they designate an employee to read or analyze the content of outbound email (up from 29% last year). Some 33% said they assign people to do nothing but monitor email, up from 15% the year before.
Email is still the primary technology security threat (43% of firms had investigated the leak of confidential or proprietary information via email). Nearly a third of firms (31%) terminated an employee for violating e-mail policies in the same period (up from 26% in 2008).
But the threats didn't stop with email. Security breaches from blog postings continue, according to the survey: 18% had investigated a data loss event via a blog or message board in the past 12 months. Some 17% disciplined an employee for violating blog or message board policies, while nearly 9% reported terminating an employee for such a violation (both increases from 2008, 11% and 6%, respectively).
More U.S. companies reported investigating exposure from video files posted on Web sites such as YouTube (18%, up from 12% in 2008). As a result, 15% have disciplined an employee for violating multimedia sharing/posting policies in the past 12 months, while 8% reported terminating an employee for such a violation, according to the news release.
The June 2009 study covered 220 email decisionmakers at U.S. companies with more than 1,000 employees. Information on ordering a copy of the study report is available here .
« SEC Announces Enforcement Initiatives