Annual DataMotion Survey Reveals Employees Violating Security and Compliance Policies and Major Mobile Vulnerabilities

FLORHAM PARK, N.J., March 4, 2015 /PRNewswire/ -- DataMotion™, an experienced email encryption and health information service provider (HISP), today announced results from its third annual survey on corporate email and file transfer habits. The findings reveal a significant amount of security risk occurring within organizations. Although companies are increasingly putting security and compliance policies in place – with nearly 90 percent of respondents affirming that fact in 2014 (compared to 81 percent in 2013 and 80 percent in 2012) – more than one-third said they don't think employees fully understand their company's security and compliance policies.

Additional findings show that nearly 44 percent of respondents admitted that within their company, security and compliance policies are at most only moderately enforced. Furthermore, more than three-quarters of respondents said they believe employees at least occasionally violate their company's compliance and security policies, and more than one in five said those who do so are aware of what they are doing, but violate it anyway to simply get their job done.

DataMotion polled more than 780 IT and business decision-makers across the U.S. and Canada. In particular, the survey focused on individuals who routinely work with sensitive data and compliance regulations in a variety of industries including healthcare, financial services, education and government.

Additional key insights from the survey include:

• Email Encryption Still Lacking
  • Almost 30 percent of respondents don't have the ability to encrypt email, remaining similar to last year's finding of 28.3 percent.
  • Nearly one-third of respondents are not confident in their company's current email encryption policy.
  • 42.1 percent of respondents said their company will spend at least $10,000 in the next year on email encryption.
• Mobile Use Widespread But Encryption Isn't
  • Nearly 86 percent of respondents said their organization permits the use of mobile devices for email. However, of those who have the ability to encrypt email and allow email use on a mobile, almost 36 percent do not have the capability to send and receive encrypted email directly from their mobile email client.
  • The risk is especially high among smaller organizations with 47.4 percent stating email encryption was not enabled on their mobile clients, versus 30.9 percent for large organizations.
• Compliance Confidence is Lackluster
  • More than half of respondents believed it was at least somewhat likely their company would be selected for a compliance audit within the next year. Yet, nearly 60 percent admitted they are, at most, only somewhat confident their organization would pass this type of audit.
  • When comparing small and large organizations, larger companies (1,000+ employees) were less confident they would escape a compliance audit with two-thirds saying it was at least somewhat likely they would be selected, while 35.9 percent of smaller companies (less than 100 employees) said it was likely.
• Efforts to Reduce Risk
  • Almost two-thirds of respondents said their organization is conducting ongoing training to improve compliance and security policy adherence.
  • Nearly 43 percent said their company is using technology to monitor and report security risks.
  • More than half said their organization is conducting more frequent communication regarding policies.
• Business Associates and the Long Tail of HIPAA/HITECH
  • Almost 70 percent of respondents whose organizations have a business relationship with a healthcare entity also process Protected Health Information (PHI). Yet more than a quarter of these said they were either not a Business Associate (BA) or were unsure if they were.
  • Of those processing a healthcare entity's PHI, 40.5 percent had either not been asked to sign a Business Associate Agreement or were unsure if they had. 
  • HIPAA regulations redefined BAs to include downstream entities such as subcontractors, data backup companies and personal health record providers. Many not previously impacted by HIPAA/HITECH now fall under its long tail. Both of the above numbers show a lack of awareness, placing BAs and the healthcare entities they work with at risk for non-compliance.

"Though the survey shows us there is year-over-year growth in the number of companies putting security and compliance measures in place, the widespread security risks occurring are of great concern," said Bob Janacek, chief technology officer at DataMotion. "Particularly at a time when a number of organizations – both large and small – have experienced serious data breaches, it is essential that companies have strong security and compliance policies in place and that they ensure their employees fully understand and diligently follow them."

"These measures should be across the board, as the data shows a gaping hole in security when it comes to mobile devices – with many companies permitting their use but not taking into account their lack of email encryption capabilities," added Janacek. "Hopefully, this data will provide organizations with a better understanding of what steps need to be taken to ensure security and compliance."

To view the full survey report, click here or visit: http://www.datamotion.com/get-datamotion-2014-survey-report-secure-email-file-transfer-corporate-practices/

To view a healthcare-specific survey report, click here or visit: http://www.datamotion.com/get-datamotion-2014-survey-report-healthcare-secure-email-file-transfer-practices/

About DataMotion

Since 1999, DataMotion™ SaaS technology has enabled organizations of all sizes to reduce the cost and complexity of delivering electronic information to employees, customers and partners in a secure and compliant way. Ideal for highly regulated industries, the DataMotion SecureMail portfolio offers easy-to-use encryption solutions for email, file transfer, forms processing and customer-initiated contact. In the healthcare sector, DataMotion is an accredited HISP (health information service provider) of Direct Secure Messaging. The DataMotion Direct service enables efficient interoperability and sharing of patient data across the continuum of care. DataMotion is privately held and based in Florham Park, N.J. For the latest news and updates, visit www.datamotion.com, follow DataMotion on LinkedIn or Twitter® @datamotion.

Media Contacts:

Monica Hutton
DataMotion
(973) 455-1245 x510
[email protected]

Marty Querzoli
Davies Murphy Group
(781) 418-2433
[email protected]

Logo - http://photos.prnewswire.com/prnh/20120413/NE87365LOGO

SOURCE DataMotion

WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?

440k+
Newsrooms &
Influencers

9k+
Digital Media
Outlets

270k+
Journalists
Opted In

GET STARTED