In today's digital age, email has become an essential tool for communication and collaboration in the workplace. However, the convenience of email has led to a common but concerning practice among staff – using email as a file and document storage repository. Storing sensitive information in email exposes organisations to significant risks, as it compromises data security, hinders data governance, and may lead to potential data breaches. In this article, we explore the prevalent use of email as a storage medium, the reasons behind it, and the importance of implementing a robust data governance program to address these risks effectively.

The Prevalence of Email as Document Storage

The use of email as a document repository is widespread in many organisations. Staff members frequently save important files, attachments, and documents directly into their email accounts. This practice is fuelled by the ease of attaching files to emails, quick access to information, and familiarity with the email interface. Unfortunately, this convenience comes at a high price, as email is not designed to be a secure file storage solution.

Reasons Behind Using Email for Storage

Several factors contribute to the prevalence of using email as file storage. One primary reason is that staff often lack confidence in alternative file storage systems available within the organisation. They may find these systems slow, confusing, or cumbersome to use, leading them to resort to the familiar and straightforward interface of email for document storage.

Moreover, the fear of important documents not being readily available when needed pushes employees to rely on email. Email inboxes are easily accessible from multiple devices, granting staff the convenience of accessing files after hours or while on the go, without being restricted by organisational firewalls or network access limitations.

Using Personal Email and Cloud Storage

In addition to storing sensitive information within the organisation's email system, employees may also resort to using their personal email accounts or cloud storage services. The motive behind this is the desire for uninterrupted access to files beyond official working hours. However, this practice raises significant concerns over data security and compliance, as personal accounts often lack the robust security measures and data governance protocols implemented in organisational systems.

The Crucial Role of Ongoing Data Governance

It is essential for organisations to understand where staff members store sensitive information and take proactive measures to mitigate the risks associated with using email as a document repository. Implementing a strong ongoing data governance program is crucial to address these concerns effectively. Such a program should focus on educating employees about data security best practices, encouraging the use of secure file storage systems within the organisation, and raising awareness about the potential consequences of non-compliance with data policies.

The Security Risks

Storing copies of sensitive information in email exposes the data to a plethora of security risks. Email accounts are vulnerable to hacking, phishing attacks, and unauthorised access. In the event of a data breach, the sensitive information stored in email becomes readily available to malicious actors, potentially leading to financial losses, reputational damage, and legal implications for the organisation.

In Summary

The prevalent practice of using email as file and document storage poses substantial risks to organisations. Staff members often resort to this method due to various factors such as convenience, familiarity, and easy accessibility. However, this practice compromises data security, hinders effective data governance, and increases the chances of data breaches. Organisations must prioritise implementing an ongoing data governance program to educate employees about secure data storage practices and encourage the use of approved file storage systems. By doing so, organisations can better protect sensitive information and ensure the confidentiality, integrity, and availability of their critical data.

Christopher McNaughton

Strategic Advisor, ShadowSight

Who is Christopher McNaughton

Chris is a proficient problem solver with a strategic aptitude for anticipating and addressing potential business issues, particularly in areas such as Insider Threat, Data Governance, Digital Forensics, Workplace Investigations, and Cyber Security. He thrives on turning intricate challenges into opportunities for increased efficiency, offering pragmatic solutions derived from a practical and realistic approach.

Starting his career as a law enforcement Detective, Chris transitioned to multinational organisations where he specialised and excelled in Cyber Security, proving his authority in the field. Even under demanding circumstances, his commitment to delivering exceptional results remains unwavering, underpinned by his extraordinary ability to understand both cyber and business problems swiftly, along with a deep emphasis on active listening.
