Study highlights use of personal email for corporate data

A recent survey of 4,006 employees in North America and Europe found that 49 percent of mid-market managing directors (MDs) and C-level executives (CxOs) have used a personal email account to send sensitive business information.

The survey, conducted by Opinion Matters and commissioned by Iron Mountain, also found that 57 percent of MDs and CxOs have left business-sensitive or confidential information on the printer for all to see, and 40 percent have sent information over an insecure wireless network.

Forty-three percent of MDs and CxOs have disposed of documents in a potentially insecure trash bin, and 39 percent have lost business information in a public place.

Lower-level employees seem to be far more security-conscious -- just 29 percent of administrative staff have left confidential information in the printer and just 15 percent have lost company documents in a public place.

When it comes to following processes designed to protect sensitive information, 21 percent of CxOs said they find such processes too complex, and look for a workaround. Another 14 percent don't follow company policies regarding information security because they find the policies too complicated, and 6 percent are unaware of any such policies at all.

"Our research shows that business leaders in the mid-market are more likely to put sensitive information at risk than any other employee," Iron Mountain UK commercial director Elizabeth Bramwell said in a statement.

"They tend to bypass the very protocols designed to keep information secure. Given the potential consequences, this is concerning. The financial penalties for companies who fail to meet data handling and security obligations are getting more severe."

"But getting it right is not just about avoiding fines; the reputational damage associated with a data breach can erode customer loyalty and impact the bottom line," Bramwell added.

"With the stakes so high, companies need to put the policies and processes in place to support good information governance. On its own, this may not be enough; companies must promote behaviors that protect sensitive company information."

A survey of 1,022 U.S respondents conducted earlier this year found that 13 percent of employees have let their colleagues use devices that can access their employer's network, 9 percent have let their partners do so, and 1 percent have even allowed their children to do so -- despite the fact that one in five employees have no security software on their work devices.

The survey, conducted by Arlington Research on behalf of OneLogin, also found that 20 percent of employees share their work email passwords, and 12 percent share passwords to other work applications.

Notably, almost half of all employees said they're unaware of any company policies regarding sharing of passwords.

"Security breaches are a near-daily occurrence in the news," OneLogin CISO Alvaro Hoyos said in a statement. "Given that it takes only one compromised account to lead to a breach, these lax security practices are troubling, especially when you consider that they coudl take place at your bank, at your children's school, or in your local government. A breach at one location can lead others, especially with bad password habits like password reuse."