Continued from page 1
Liability
Part I of Maximizing E-mail Security ROI series discussed serious problem of spam flood rushing toward enterprise gateway. While primary costs of spam are largely volume-related, just one offensive or disparaging internal e-mail can be equally damaging to company coffers. As overall volume of e-mail sent across Internet rises exponentially, we have seen a corresponding spike in number of messages containing jokes, images, video clips and other non-workplace-appropriate content sent from one employee to another within an organization or to friends and family outside organization.
The frequently sexual or racial nature of this “friendly fire” spam means that organizations must be more vigilant than ever in ensuring that these messages never reach their intended targets. The U.S. Supreme Court has ruled that employers are potentially liable for sexual harassment by their employees, even if they are unaware of it. Employees who feel violated by an e-mail sent from a coworker can file a lawsuit alleging a hostile work environment and cause significant financial harm to an enterprise found legally liable for violation. According to ePolicy Institute, over a quarter (27%) of large companies have defended themselves against claims of sexual harassment resulting from inappropriate e-mail and/or Internet use. For example, Chevron paid $2.2 million to settle a sexual harassment suit stemming from tasteless e-mail sent to female employees from male employees.
Enterprises face additional risk of an employee sending false or slanderous e-mail about coworkers, employer or their competition. One of most egregious cases involves UK firm Norwich Union. In 1999, an employee sent an e-mail stating that one of their main competitors was in financial trouble and being investigated by Department of Trade and Industry. The competitor took legal action against Norwich Union and received £450,000 (over $840,000 USD) in an out-of-court settlement.
Reputation and Credibility
They say “Hell hath no fury like a woman scorned.” Don’t believe them. A sufficiently disgruntled employee, male or female, could giveth her a serious run for her money. While airing gripes around water cooler is relatively standard practice in many organizations, airing those same gripes via e-mail can prove devastating to a company’s image. Damage from negative remarks e-mailed outside company by employees is both immediate and residual—the message recipient might choose to forward it to a friend, or post it on an industry message board or Internet rumor mill. Once message leaves enterprise gateway, you don’t know where it may turn up…but you know that it will. Whether information being circulated is true or not is completely irrelevant—the damage is done instant “Send” button is clicked.
There is no doubt that contents of corporate e-mails reflect on business. UK law firm Norton Rose learned this hard way when two of their employees distributed sexually graphic “Claire Swire” e-mail, which has been read by over 10 million people around world (there’s a decent chance you’re one of them). As Norton Rose was clearly identified by name in e-mail, this scandal caused massive reputation damage and continues to circulate today, compounding harm already done. This is but one example; a UK study revealed that small- to medium-sized businesses are losing £1.5 billion ($2.8 billion USD) every year to e-mail and web abuse and misuse, representing a 15% dent in their potential profits. Can your company afford to operate on a fraction of its normal revenue every year? Neither can most.
Lay Down Law
E-Mail policy enforcement must be an ongoing effort across enterprise. To learn more about how to ensure that your company doesn’t suffer consequences of careless e-mail behavior, download CipherTrust’s FREE whitepaper, Controlling Spam: The IronMail Way.
Part IV of this series will consider issues involved in determining ROI for preventing e-mail system intrusion.
CipherTrust is the leader in anti-spam and email security. Learn more by downloading our free whitepaper, “Controlling Spam: The IronMail Way” or by visiting www.ciphertrust.com.