State and federal regulations targeting financial and personal data affect almost every enterprise, with mandates to protect and secure all forms of information. While these regulations rarely explicitly mention email, laws are broadly written and generally interpreted to cover email and other forms of electronic communication.

Publicly traded enterprises, particularly those in banking and healthcare industries, must guarantee privacy and security of customer or patient information in email by encrypting message and monitoring outbound email for unencrypted or inappropriate patient or customer information. In addition to protecting private information through policy enforcement, companies are responsible for protecting private information while in transit across Internet.

Failure to encrypt confidential information that results in a violation of regulatory policy can lead to steep corporate fines as well as possible criminal charges, fines and jail time for company executives. In addition, company faces likely lawsuits from customers and patients whose confidential information is compromised.

To help ensure security of confidential information and compliance with regulations, businesses must ensure that:

• Email messages containing confidential information are kept secure when transmitted over an unprotected link
• Email systems and users are properly authenticated so that confidential information does not get into wrong hands
• Email servers and message stores where confidential information may be stored are protected

Make Sure it’s Greek to Them

A comprehensive email security approach including encryption is most effective defense against all external and internal threats. For more information on how to encrypt information entering and leaving your enterprise email network, download CipherTrust's FREE whitepaper, "Protecting Email Privacy: Overview of IronMail Privacy Architecture".

CipherTrust and The IronMail Insider wish you and yours a safe and happy holiday season and all best for a prosperous 2005!

A terrifying example of liability faced by an organization which fails to prevent intrusions happened very recently. On August 1, 2004, a database intrusion occurred through one unsecured computer at University of California - Berkeley. The intrusion wasn't discovered until August 30, meaning hackers had a full month of unfettered access to personal information of as many as 1.4 million disabled and elderly Californians, opening door to a potentially devastating class action suit by those affected. This incident serves as a disturbing reminder that a single workstation can sacrifice identities of millions.

Reputation

Loss of trust from partners and customers due to a company's failure to prevent hackers from accessing their network can be just as destructive as any lawsuit. Failure to prevent intrusions into an e-mail system will leave administrators with few, if any, options after damage is done. Business partners will be understandably reluctant to share any of their proprietary information, and customers will likely look to your competitors to ensure that their private data is safe.

Not surprisingly, most companies will go to great lengths to hide fact that their systems have been compromised. Over 50% of respondents to 2004 Computer Crime and Security Survey by FBI and Computer Security Institute indicated that they did not report system intrusions to law enforcement or legal council because of fear of negative publicity. Of course, if they'd had effective intrusion prevention in first place, there wouldn't be anything to report.

Asset/IP protection

The only way to ensure that all information residing on, or accessible through, e-mail servers is protected is to make it completely invisible to hackers and other would-be intruders. While some software-based approaches do serviceable jobs of detecting intrusion attempts and thwarting them when they happen, mere fact that hacker knows where network is provides motivation enough to keep trying to find a way in.

When your company's intellectual property is stolen or otherwise compromised, catastrophic costs can be staggering. According to 2004 Computer Crime and Security Survey, a total of 269 respondents from U.S. corporations, government agencies, financial institutions, medical institutions and universities reported intellectual property losses totaling $11,460,000 in damages from theft of proprietary information. An unfortunate side note to this statistic: 98% of survey respondents had firewall protection in place, a revealing testament to ineffectiveness of stand-alone security components.

Get Rid of Modern-Day Monsters

A comprehensive e-mail security approach including elements of anti-spam, anti-virus, policy enforcement, intrusion prevention and encryption is most effective defense against all external and internal threats. For more information on how to protect your enterprise network from all manner of e-mail threats, download CipherTrust's FREE whitepaper, “"Securing E-Mail Boundary: An Overview of IronMail".

The final installment of Maximizing E-Mail Security ROI series will discuss issues surrounding encryption of confidential information contained in e-mail messages.