Unintentional Employee Misuse Top Driver for Enterprise Email Risk

Business Wire, July 9, 2008

MessageGate Activity Profiles Reveal Top Causes for Unnecessary Enterprise Risk Vulnerability

BELLEVUE, Wash. -- MessageGate, Inc., a leader in enterprise email controls for corporate risk management, today released market insights that identify the top drivers for rising enterprise email risk. The research findings name employee email misuse and inadequate enterprise email controls as the primary forces behind an increase in unnecessary enterprise risk vulnerability.

"Enterprises continue to focus solely on education programs to change their employees' casual attitude and behavior surrounding email," said Brian Babineau, senior analyst with Enterprise Strategy Group (ESG). "Unfortunately, there needs to be more done as the informal nature of email is ingrained within today's workforce and can create unnecessary risk. Organizations must find ways to leverage technology to implement and consistently enforce enterprise email controls and usage policies to provide insurance against momentary judgment lapses and unintentional security breaches."

According to research collected during MessageGate Activity Profile (MAP) customer audits, the top drivers increasing enterprise email risk include:

1. Employee Email Misuse: Employee misuse remains the top issue driving enterprise email risk. Employee comfort with email causes misuse and mistakes that are easily avoided. Two examples appear repeatedly in email usage audits:

* Users misaddress email or rely too heavily on auto-complete features, unintentionally leaking sensitive intellectual property or customer data to the wrong audience. Surprisingly, employees take additional caution with credit card numbers, but continue to take unnecessary risks with Social Security numbers and other personal data.

* Employees leverage email to increase efficiency, bypassing established security measures like corporate VPNs. To access files at home, employees send sensitive corporate files to personal Web-based email accounts. The Web host then indexes the email to its internal servers, exposing the corporate files to unnecessary risk due to insufficient security controls.

2. Inappropriate Email Abuse: Employees view corporate email as private communication instead of a legal business record. Corporate policies and education programs almost always exist, but little is done to enforce governance. As a result, personal email intermixes with corporate communication that is open to e-discovery regulations. It is common for offensive email to be sent within the enterprise network, exposing the enterprise to potential sexual harassment, discrimination or other law suits.

3. Insufficient Enterprise Email Controls: Enterprises continue to rely on education policies to change email use, ignoring the casual attitude ingrained in employee behavior. If systems are in place, they typically only include forensic reporting. No action is available within the email stream to enforce enterprise email policies and prevent unintentional misuse or inappropriate abuse.

4. Rising Regulation Enforcement: Modern enterprises are regulated by numerous mandates, including SOX, SEC Rules, FRCP, FERC and countless others. Yet, IT departments still ignore email requirements within the regulations. For example, email controls are not in place to enforce quiet periods or block unauthorized communication between regulated parties. Also, email is archived without proper categorization or management tools, leaving many unable to retrieve regulated email in a timely manner. Mandates are now being enforced with severe consequences. Corporations and its officers are behind held accountable, driving the need to mitigate any unnecessary risk.

5. Uninformed IT Departments: IT departments turn a blind eye to email use across corporate networks. Most neglect conducting usage audits to find out how enterprise email is being used and abused. Proper policies cannot be implemented or enforced if IT departments do not know what needs to be controlled.

"Corporate email is fraught with risk, generating daily news headlines touting major enterprise email breaches of sensitive corporate intellectual property and customer data," said Norbert Orth, president and CEO for MessageGate. "It's time for enterprises to manage email risk and accept responsibility for implementing email security controls to prevent sensitive data loss."

MessageGate facilitates enterprise email risk management through email controls that incorporate active security and archive policies. The company promotes proper email use through activity profiles, archive categorization, policy enforcement, user education and email filtering.

About MessageGate

With a simple and practical approach, MessageGate provides software and services for enterprise email controls to leading companies worldwide. From product to architecture, MessageGate makes a company's experience with email management both simple and secure. Helping companies cope with threats, improve archival and retrieval activities, and ensure proper usage across a variety of industries, MessageGate's offerings include MessageGate[R] Activity Profile (MAP), MessageGate[R] Policy Enforcement, MessageGate[R] Archive Categorization, and MessageGate[R] Email Filtering. For more information, call 1-877-544-8500 or visit www.messagegate.com.