Employees perceive spam as an annoyance rather than a potential security threat

(22/05/2008)

Complacency is still rife amongst UK employees toward e-mail security, according to a new research released by Websense. Nearly one third (31%) of respondents stating they were satisfied with their company not fully protecting e-mail as they didn’t feel they would be targeted by cybercriminals.

The survey also reveals that 35% of respondents said a hacker’s gaining access to their computer through an e-mail borne attack would not happen to them, while 72% had a blasé attitude to e-mail spam saying receiving e-mails from a sender they did not recognise was an annoyance rather than a potential security threat.

The “Websense E-mail Security” survey of more than 100 respondents also reveals that UK employees are exposing their company and personal data to potential e-mail borne security threats in the way they deal with spam, including:
* 40% of respondents open the preview screen to check spam e-mails
* 33% open an e-mail from an unknown sender before deciding how to handle it
* 22% open spam e-mails and admit to sometimes clicking on the embedded Web links enclosed in these
* While losing company confidential information was more of a concern than the risk of a hacking incident, 40% of respondents still thought this was not a risk to them.

Other key survey findings:
* Companies leaving staff in the dark: More than half (56%) of respondents said they were left guessing about whether their e-mail was protected or not, with companies failing to send out any communication about the level of e-mail security protection provided.
* Personal Webmail evades protection: When accessing their personal e-mail account at work, 42% of respondents know they are not protected from security attacks launched through personal Webmail.
* Gaps left in e-mail security: The survey highlights potential gaps in the e-mail security provided to employees, with 23% of respondents not protected against malicious code contained within e-mail attachments. The survey reveals a number of grey areas where respondents did not know whether they were protected or not:
* 18% didn’t know whether they were protected against malicious phishing e-mails
* 21% didn’t know their level of protection against other inappropriate or malicious e-mails
* Just over one quarter (26%) said they were either not protected or did not know whether they were protected against harmless but unwanted spam.
* Responsibility rests with companies: 67% of respondents thought that responsibility for e-mail security should rest with the IT department and 15% considered they should take personal responsibility. Only 8% called for a law to be put in place ensuring protection against e-mail threats at work.
* Lack of trust in e-mail to send sensitive data: The majority of respondents (62%) said they would not choose to send a sensitive or confidential document via e-mail, indicating an apparent lack of trust in e-mail as a secure means of communication. Instead, preferred methods of sending sensitive data include:
* 22% would print the document in send it by registered or special delivery
* 15% would opt to send a document using a courier
* 5% would even choose to send a confidential document using the regular post rather then send electronically.

“Today’s security attacks are becoming more targeted and stealthy, with cybercriminals using multiple channels and attack methods to weave their way into an organisation to steal corporate and personal data,” said Ross Paul, director of product management, Websense.

“This research indicates a knowledge shortfall about e-mail security amongst UK employees. With e-mail threats so sophisticated, organisations that have not taken responsibility for security away from their employees are leaving their company data exposed and employee personal data at risk. Businesses need to ensure they have real-time Web and e-mail security in place combined with robust business processes and proactive staff education, to protect their confidential information and safeguard their employees.”

Related topics:  Internet and Web security   Virus, Worm, Email security, spyware and malware 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources