At mid-sized and larger companies, the question is not whether data has been compromised in the recent Hotmail, Yahoo and Gmail phishing attacks, but how much, and how effectively the company can recover without embarrassment, fines or worse.
The truth is that many modern knowledge workers don’t care about IT policies designed to protect sensitive data, and these employees often work around HR policies and even IT controls on e-mail and files. Even Alaskan governors have been burned, after all. But with 8% of companies firing employees for social networking-related offenses, how many companies actively seek out and discipline employees for forwarding the occasional “internal-use only” document to their @hotmail.com, @gmail.com, or @yahoo.com address?
In tightly controlled industries, like medicine and finance, it’s more likely to be common practice with strict enforcement, but time and again I heard even law firms bend the rules or just look the other way for the sake of convenience.
So the question is: Is your personal e-mail policy clear? And is it enforced? I’d love to hear what you see at your own business, so leave a comment or e-mail me directly at Michael@ITKnowledgeExchange.com. If requested, I’ll keep your name and any other identifying details private.
More on personal e-mail in the enterprise:
- Palin’s Yahoo! hack raises security concerns
- Is your IT department fighting Google guerillas?
- U.S., EU personal data protection laws make e-discovery risky