RESEARCH conducted by IT security and control firm Sophos has revealed that 70 per cent of businesses are concerned about sensitive material falling into the wrong hands as a result of data leakage via e-mail.

A further 50 per cent of employees admit to having accidentally sent an embarrassing or sensitive e-mail to the wrong person from the workplace, demonstrating that e-mail leakage is a very real concern.

Sophos experts note that this can potentially cause corporate embarrassment, compliance breaches and the loss of business-critical information.

Speaking to BizIT, Jim Dowling, Sophos' director of sales for Asia, noted that the corporate e-mail system typically contains as much as 80 per cent of business records.

The consequences of leakage of this data can be severe, from adverse publicity that damages customer relationships and corporate reputation to non-compliance fines, litigation and liability claims that erode revenue, he said.

"Many of our customers in Singapore have raised concerns about their employees accessing instant messaging and Web mail applications, as well as social networking sites at the workplace, as this increases the risk of inadvertent data leakage. This is particularly important to organisations in regulated industries such as legal and financial," Mr Dowling added.

While the Sophos study does not have country specific quantitative data, Mr Dowling quoted a recent study, The Global State of Information Security 2007 conducted by CIO, CSO and PriceWaterhouseCoopers, which found that only 19 per cent of organisations surveyed knew whether or not their employees were complying with information security policies, while the rest, 81 per cent had simply no clue.

"Around 52 per cent of Singapore organisations neither audit nor track user compliance with the set security policies; this is a pretty worrying situation," Mr Dowling said.

Businesses would be wise to check that their e-mail security solutions have the facility to prevent this from happening by identifying when sensitive data or attachments are contained in the message, and if they don't, to consider a more water-tight alternative, he added.

"As more and more business, and indeed personal interaction, is conducted via work e-mail, the risk of slipping up and clicking send without double-checking the recipient's details is ever-growing," added Graham Cluley, senior technology consultant at Sophos.

The fact that as many as half of employees have experienced that heart-stopping moment when they realise that their message is hurtling towards the wrong person, shows that the human error factor is too significant to ignore," Mr Cluley added.

Mr Dowling pointed out that to combat the risk of leaked information, Sophos recommends that companies install an e-mail security solution that enables them to scan messages for sensitive data and keywords, and that uses encryption to ensure that business critical e-mail are sent securely.

Furthermore, an effective appliance will identify and block confidential attachments, including those that have had their file type altered by the sender.

This will ensure that accidental e-mail loss and leakage by malicious intent are both thwarted.

"The vast majority of data leakages via e-mail are purely accidental, so companies that put a solid solution and security policy in place, and those that educate employees on responsible e-mail use, will mitigate the risks and dramatically reduce the possibility of critical data loss," Mr Dowling noted.