Email structure not properly managed

David Stanley, managing director EMEA at Proofpoint, claimed that encryption is often mis-sold, as companies do not need every member of staff to be sending out protected emails.

Stanley said: "Encrypting everything is not worth it, you end up encrypting messages that will read ‘what do you want for your tea tonight'. You should look to encrypt on the pay grade and then you know that if it is not encrypted it should not go out.

"People are saying I need encryption but we are saying that you need intelligence. You only need to encrypt ten per cent of the employees, companies do send a lot that needs to be encrypted but should concentrate on the movement of information."

Stanley further claimed that redundancies are leaving remaining employees with a heavier workload and this is causing a data management problem, he said that from a consultancy perspective, Proofpoint sees that people are overworked and will email work to their personal email in order to work from home, inadvertently causing an incident despite having the best intentions for the organisation.

"I would say that 90 per cent of data leakage is a mistake, if I wanted to deliberately leak information I would take a photo of it or use a removable media. We ask a company how many laptops they lose in a year, they could respond with one, two or ten. We then ask them how many people will use email, and they respond with everyone. It is much easier to control the email structure. If you look at 80 per cent of what you need to stop you use 20 per cent of the effort," said Stanley.