Maximizing Email Security ROI: Part III - No More Mr. Nice Guy: Enforcing E-Mail Policy by CipherTrust
This is the third of a five-part series on Maximizing E-mail Security ROI.
E-mail is an easy, cheap and readily available form of communication. It’s a great tool for businesses, but without proper safeguards in place to regulate the information transmitted it can also be a potential threat. An effective e-mail policy should be all-encompassing, helping organizations comply with federal regulations, protect intellectual property and prevent offensive materials from being transmitted across their networks.
Companies in the healthcare and financial industries are compelled by law to ensure that they meet strict requirements with regard to patient and customer information privacy. In addition, virtually all publicly traded companies must now implement measures to prevent leaks of confidential corporate information. A large part of complying with these regulations involves the implementation and enforcement of corporate e-mail policy.
According to The ePolicy Institute’s “2003 E-Mail Rules, Policies and Practices” study, only about half (52%) of 1100 U.S. companies surveyed have any form of e-mail monitoring and policy enforcement. Even more alarmingly, only 19% monitor internal e-mail and only 39% monitor outgoing e-mail, leaving a large majority of American businesses wide open to a litany of harsh consequences. These consequences include financial penalties due to violations of federal legislation, loss of competitive advantage from breaches of confidentiality, lawsuits from employees alleging a hostile work environment and destruction of company reputation as a result of disgruntled employees or irresponsible e-mail use.
This week’s newsletter will focus on the issues surrounding e-mail policy enforcement and what companies can do to ensure that they are not harmed by regulatory violations, intellectual property loss, costly litigation and embarrassing headlines.
Regulatory Compliance
In nearly every industry, e-mail is the primary method of communication, both internally and outside the organization. Healthcare professionals use it to collaborate with colleagues and staff and correspond with patients. Banks, brokerage firms, insurance companies and tax preparation firms use it to communicate with customers and partners and perform countless millions of online transactions every day. Company employees and executives use e-mail to relay messages discussing corporate financial performance, proprietary product information and human resource records.
The ever-increasing reliance on e-mail has brought with it federal legislation such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Gramm-Leach-Bliley Act of 1999 (GLBA) and Sarbanes-Oxley Act of 2002 (SoX), mandating the protection of confidential information that is stored on, or accessible through, enterprise networks. Generally speaking, this legislation is designed to compel businesses to:
- Ensure that e-mail messages containing confidential information are kept secure when transmitted over an unprotected link;
- Ensure that e-mail systems and users are properly authenticated so that confidential information does not get into the wrong hands;
- Protect e-mail servers and message stores where confidential information may be stored; and
- Identify and track information that must remain confidential.
Failure to comply with the information privacy laws due to violation of company policy carries with it stiff financial penalties for the enterprise (up to $250,000 per incident) and possible criminal charges and jail time for company executives. The good news is that a comprehensive messaging security approach can play a major role in maintaining a company’s information integrity, greatly enhancing its return on security investment.
Asset and Intellectual Property Protection
Among a company’s most important assets are its proprietary product- or service-related data and other information designed to attain competitive advantage. However, e-mail’s prevalence and ease of use make it a ticking time bomb for companies wishing to protect this information. A study published by PC Week revealed that upwards of 30% of 800 employees surveyed admitted that they had sent confidential information such as financial reports, customer records or product data via e-mail to recipients outside the company. Ten percent admitted receiving e-mail containing confidential information.
Not surprisingly, most breaches of confidentiality originate within a company. A classic example of this is Borland International, a U.S. software company. A Borland employee used the company’s e-mail system to send confidential information to Symantec, his new employer and one of Borland’s main competitors. The information transmitted included product design specifications, sales data and information regarding a prospective contract for which both companies were competing. As a result, both the (former) Borland employee and the message recipient were charged with trade secret theft, and a civil lawsuit followed (though it would seem unlikely that any financial award could repair the lasting damage caused by the intellectual property loss).
Liability
Part I of the Maximizing E-mail Security ROI series discussed the serious problem of the spam flood rushing toward the enterprise gateway. While the primary costs of spam are largely volume-related, just one offensive or disparaging internal e-mail can be equally damaging to the company coffers. As the overall volume of e-mail sent across the Internet rises exponentially, we have seen a corresponding spike in the number of messages containing jokes, images, video clips and other non-workplace-appropriate content sent from one employee to another within an organization or to friends and family outside the organization.
The frequently sexual or racial nature of this “friendly fire” spam means that organizations must be more vigilant than ever in ensuring that these messages never reach their intended targets. The U.S. Supreme Court has ruled that employers are potentially liable for sexual harassment by their employees, even if they are unaware of it. Employees who feel violated by an e-mail sent from a coworker can file a lawsuit alleging a hostile work environment and cause significant financial harm to an enterprise found legally liable for the violation. According to the ePolicy Institute, over a quarter (27%) of large companies have defended themselves against claims of sexual harassment resulting from inappropriate e-mail and/or Internet use. For example, Chevron paid $2.2 million to settle a sexual harassment suit stemming from tasteless e-mail sent to female employees from male employees.
Enterprises face the additional risk of an employee sending false or slanderous e-mail about coworkers, the employer or their competition. One of the most egregious cases involves UK firm Norwich Union. In 1999, an employee sent an e-mail stating that one of their main competitors was in financial trouble and being investigated by the Department of Trade and Industry. The competitor took legal action against Norwich Union and received £450,000 (over $840,000 USD) in an out-of-court settlement.
Reputation and Credibility
They say “Hell hath no fury like a woman scorned.” Don’t believe them. A sufficiently disgruntled employee, male or female, could giveth her a serious run for her money. While airing gripes around the water cooler is relatively standard practice in many organizations, airing those same gripes via e-mail can prove devastating to a company’s image. Damage from negative remarks e-mailed outside the company by employees is both immediate and residual—the message recipient might choose to forward it to a friend, or post it on an industry message board or Internet rumor mill. Once the message leaves the enterprise gateway, you don’t know where it may turn up…but you know that it will. Whether the information being circulated is true or not is completely irrelevant—the damage is done the instant the “Send” button is clicked.
There is no doubt that the contents of corporate e-mails reflect on the business. UK law firm Norton Rose learned this the hard way when two of their employees distributed the sexually graphic “Claire Swire” e-mail, which has been read by over 10 million people around the world (there’s a decent chance you’re one of them). As Norton Rose was clearly identified by name in the e-mail, this scandal caused massive reputation damage and continues to circulate today, compounding the harm already done. This is but one example; a UK study revealed that small- to medium-sized businesses are losing £1.5 billion ($2.8 billion USD) every year to e-mail and web abuse and misuse, representing a 15% dent in their potential profits. Can your company afford to operate on a fraction of its normal revenue every year? Neither can most.
Lay Down the Law
E-Mail policy enforcement must be an ongoing effort across the enterprise. To learn more about how to ensure that your company doesn’t suffer the consequences of careless e-mail behavior, download CipherTrust’s FREE whitepaper, Controlling Spam: The IronMail Way.
Part IV of this series will consider the issues involved in determining ROI for preventing e-mail system intrusion.
Article Source: http://www.BharatBhasha.com
Article Url: http://www.bharatbhasha.com/email.php/18049