Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Email Content Security White Paper

Email Content Security White Paper



|Views: 55|Likes:
Published by deborahg266
This white paper discusses the email risks that companies face and what email security measures companies can and should take to protect themselves.
This white paper discusses the email risks that companies face and what email security measures companies can and should take to protect themselves.

More info:

Published by: deborahg266 on Apr 11, 2009
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





White paperEmail content security
Addressing the email risks
Email content security - Addressing the email risks Page 1
Email content security
Addressing the email risks
Email is a great business tool. It’s fast, cheap, universal and easy to deploy.However, companies that make use of email are confronted with a number of risks.Viruses and spam are the most obvious risks. Viruses can cause down time, loss of productivity and in the worst case can expose confidential data. Spam is not onlyoffensive and annoying; it causes loss of productivity, decreases bandwidth and costscompanies billions of dollars each year. Legal liability is another cause for concern.Several high-profile lawsuits with multi-million dollar penalties have highlighted thefact that companies are liable for the contents of the emails that are sent over theirnetwork. Therefore, every smart company that uses email must take measures inorder to stop, or at least minimize the effect of these email risks.
Top 6 Email risks
Companies that make use of email face the following potential risks:
#1. Lost productivity & network congestion
Employees sending personal emails and sifting through spam mail can cause major lossof productivity. For example, if each employee takes 5 seconds to view a spam mail,based on an average salary of 25 dollars per hour, this will cost the employer 3 centsper spam mail. If every employee received 25 spam mails per day, spam would cost acompany with 100 users no less than 20,000 dollars per year. In addition to spam andpersonal emails, viruses can also lead to network downtime and in turn cause lostproductivity.
#2. Legal liability
In most cases the employer is held responsible for all the information transmitted on orfrom their systems. Consequently inappropriate emails sent on the company networkcan result in multi-million dollar penalties. In the last few years there have been severalhigh profile lawsuits such as the case against a global oil company filed by four femaleemployees. The employees alleged that sexually harassing emails sent through thecompany email system caused a threatening work environment. One of the sexuallyoffensive messages was a ‘joke’ sheet entitled ’25 reasons why beer is better thanwomen’. The company settled the case for no less than 2.2 million dollars.
#3. Damage to reputation
There is no doubt that the contents of corporate emails reflect on the business. Abadly written email, or an email containing unprofessional remarks will cause therecipient to gain a bad impression of the company the sender is representing. UK lawfirm Norton Rose had to find this out the hard way when two of their employeesoriginated the ‘Claire Swire’ email, a sexually explicit email that ended up being read
Email content security - Addressing the email risks Page 2
by over 10 million people around the world. Especially since the company in questionwas a law firm, and the employees were attorneys, this email caused severe damageof reputation.
#4. Confidentiality breaches
Most confidentiality breaches occur from within the company. These breaches can beaccidental, for instance a Siemens Nixdorf employee unintentionally distributedconfidential internal emails to a trade worker’s association. In Australia, a travelcompany accidentally sent a customer list to a competitor when an employeeselected an incorrect alias as the recipient. However confidentiality breaches can alsobe intentional. Borland International Inc. filed a lawsuit against one of their formeremployees who had used the company’s email system to send out confidentialinformation to competitor Symantec, his new employer. The trade secrets includedproduct design specifications, sales data and information regarding a prospectivecontract for which both companies were competing. The employee and recipient wereboth charged with trade secret theft.
#5. Regulatory compliancy
New and existing regulations are forcing companies to keep a record of their emailsand to protect their client’s privacy. In the US, the Health Insurance Portability andAccountability Act (HIPAA) requires health care institutions to keep a record of theiremail communications and secure confidentiality of information. The U.S. Securitiesand Exchange Commission (SEC) and Gramm-Leach-Bliley Act (GLBA) impose similarduties on financial institutions. In the new IRS Circular 230, the IRS requires taxadvisors to add an email disclaimer to any emails including tax advice, expresslystating that the opinion cannot be relied upon for penalty purposes. Steep penaltiescan apply to those organizations that do not comply with their industry’s regulations.In a case lasting from 2000 until 2005, a well-known financial institution wasrecently forced to pay 20 million dollars in penalties by the Securities and ExchangeCommission for not diligently searching for email back-up tapes and over-writingmultiple back-up tapes.
#6. Increasing bandwidth and storage needs
Not only is the use of attachments growing, their size is increasing as well. Accordingto the Radicati Group, attachments make up more than 85% of all email data. Largeattachments use up bandwidth and storage space. Although the cost of storagespace has decreased over the years, the larger the message store, the moremanagement it requires and the longer it takes to restore messages after a mailserver failure.
How to protect against email risks
The first step in securing your company from email risks is to create an email policythat sets out all the do’s and don’ts regarding the company’s email system. Next,you must enforce your email policy by distributing it amongst your employees andeducating users in their email use. Finally, you require content checking softwarethat filters your internal and external email traffic in order to enforce your emailpolicy.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->