Rogue e-mailing – using personal e-mail accounts to send and receive work documents – and the associated information security risk is exacerbated by the laissez-faire attitude of most South African employers.
This is one of the findings from Mimecast’s Generation Gmail Report, an internationally-commissioned study investigating attitudes to work e-mail use conducted in South Africa, the UK, US and Canada.
The South African results revealed how noticeably local attitudes to e-mail differ. Christelle Hicklin, customer experience manager at Mimecast SA, says that what make the South African results so interesting are the extremes.
A massive 82% of respondents say that e-mail is their preferred method of communication, versus only 66% of the total sample.
“An incredible 97% of South Africans consider it essential that their e-mail is problem-free. This understanding of how much South African corporate users love e-mail explains some of the other, no less extraordinary, but a lot more worrying results,” says Hicklin.
While 81% of South African users send work e-mails from their personal email accounts, one in five are doing it on a regular basis. And, although almost 80% realise this exposes their companies to risk, close to half feel it’s still an acceptable practice.
“When I first read these results I was dumbfounded,” says Hicklin. “The obvious disconnect between knowing something is bad but not changing behaviour is perplexing. That is until I realized that most e-mail users are choosing what they consider to be the lesser of the two evils.”
Corporate users are working around the e-mail policies, mailbox limitations and e-mail size restriction to get their work done. The reason behind sending e-mail to and from personal e-mail accounts is primarily to work from home.
Although 71% of respondents are simply trying to get the job done, 23% use personal e-mail when the files are too big to get through the corporate server and almost one in five use a personal account because the content of the e-mail is too confidential to trust the corporate network.
“All this information tells us that, while data leakage is the biggest risk with rogue e-mailing, it is not the average user’s intent. Only 6% admitted to using personal accounts to ensure that they could have the information once they left the company. It’s funny when you think about it – it’s our good old-fashioned work ethic and can-do attitude that’s putting companies at risk.”
Employees’ attitudes to rogue e-mailing is made worse by South African organisations’ not taking responsibility for their e-mail policies.
“Employee behaviour can and should be influenced by company policy and culture. With only half of the respondents confirming the existence of a policy it’s clear that businesses need to get more actively involved in communicating, educating and enforcing e-mail usage that protect the company, while supporting the needs of the users.
“It appears that often organisations fail at both – setting rules and creating an e-mail environment that truly addresses the needs of their staff,” says Hicklin.
There are technology answers to the issue of rogue e-mailing. Addressing the issues of mailbox size limitations, message size restrictions and email policy deployment can be done via technology but the human issues require a much more human intervention.
“Companies need to start with a two-pronged approach. The needs of users must be balanced with clear policies and education programmes to ensure employees truly understand the impact of rogue e-mailing. The procedural clarity with some education and change management is the only way to protect organizations from their workaholic, productivity focused staff,” Hicklin says.