London, UK (18th March 2011 ) –Peter Wood, a speaker at the upcoming ISACA European Computer Audit, Control and Security Conference (EuroCACS) event in Manchester, said that personal e-mail services, are being increasingly used for business purposes¾a situation that places company data at great risk.

 According to Wood, CEO of penetration testing specialists at First Base Technologies, the use of personal e-mail for business is expanding, creating security issues such as a lack of data leak prevention (DLP) controls and increased data leakage due  to a lack of encryption at the endpoint.

  Wood also said that the boundaries between personal and business e-mail accounts are blurring and therefore placing company data at increased risk and creating greater risks of compliance problems.

"PCI DSS, data protection, freedom of information and even a potential breach of e-mail service providers’ terms of business are potentially involved here," he said, adding that it is even possible that the employer might become a litigant in this scenario.

And, it gets worse. Wood explained that the potential for loss of corporate secrets along with corporate espionage and leaks to the news media also frequently stem from use of personal e-mail for business purposes.

"This can damage an entire organization, and even touch all of its brands. Competitors can steal pricing information and the organization can be the victim of corporate fraud, all because of this issue," he said.

The ISACA EuroCACS speaker went on to say that he and his team are also seeing personal mail used for questions being asked in forums.

"Individuals may not realise it, but they may be giving away highly technical information about their organisation, as Web mail can be much less secure than normal e-mail," he concluded.

Peter Wood is speaking in the security stream at EuroCACS, which will be held 20-23 March in Manchester. For more information visit www.isaca.org/eurocacs.

About ISACA

With 95,000 constituents in 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

ISACA continually updates COBIT®, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

Follow ISACA on Twitter:  http://twitter.com/ISACANews

Media Contacts:

Neil Stinchcombe, Eskenzi PR,