High numbers of Irish firms admit to sending sensitive data by email

24 Feb 2012

Almost two-thirds of Irish businesses in a survey said staff members have sent confidential business information over email.

Of the total 63pc, 35pc had sent out proprietary company details by email, and 28pc had sent customers’ financial or identity information the same way.

Almost one in four respondents (23pc) said they had to discipline an employee for sending confidential business information over email, and in 4pc of cases such an incident led to dismissal.

Some 200 Irish IT executives were polled for the survey carried out by iReach on behalf of the IT distributor DataSolutions. The research was split into two parts, covering intrusion prevention from external threats and data loss caused by the accidental or intentional actions of internal personnel.

The survey also suggests that as many as 14,000 Irish businesses have had their data compromised. The figure was arrived at by using the total number of active Irish enterprises as registered with the Central Statistics Office and the survey finding that 7pc of respondents admitted their data had been compromised.

In this case, respondents were asked the question: “There have been a lot of high-profile hacks recently – has your data ever been compromised or lost?”

Michael O’Hara, managing director of DataSolutions, suggested the finding was probably lower than the true amount. “While 7pc of those surveyed admitted to having their data compromised, the number is likely to be much higher as many organisations may be unaware of any malicious attacks or threats to their networks, particularly as many threats target end users,” he said.

The survey also found that 26pc of businesses don’t carry out any data security checks, putting their internal systems and users at increased risk. DataSolutions said this was a “surprisingly high number”, considering the amount of publicity around recent security breaches.

Train staff about security

Brian Honan, head of the information security firm BH Consulting, said companies need to be aware that sensitive information can be exposed by accident or deliberate actions by staff, or that their security can be compromised by external attackers.

“The best thing to do is to ensure that your systems are patched and secure with the most up-to-date software and security systems, and that staff are fully trained both in the systems they’re using and of the risks to the data they’re handling,” Honan advised.

Honan said training staff to be more aware of security threats is one of the most useful preventative measures. Even as businesses mind their costs carefully in the current economic climate, this doesn’t have to be an expensive option, he added.

“Training of staff can be very cost-effective and bring a lot of value to the business,” he said. “There is the old saying that an employer will ask: ‘What if I spend money on my staff and they leave?’ But another way to look at it is: ‘What if you don’t train them and they stay’?”

Gordon Smith was a contributor to Silicon Republic