2005: An Email Compliance Odyssey - Get your enterprise ready to comply with multiple federal information privacy laws

Written by CipherTrust


“The two overarching themes for compliance management in 2005 will berepparttar adoption of best practices andrepparttar 105305 accelerated focus on and use of IT.” --Gartner Research

Federal legislation targetingrepparttar 105306 dissemination of private information has forced businesses in every industry to rethink how they communicate. The three primary regulations,repparttar 105307 Health Insurance Portability and Accountability Act (HIPAA),repparttar 105308 Gramm-Leach-Bliley Act (GLBA) and Sarbanes-Oxley (SOX) affect virtually every aspect of an organization’s information sharing practices, and complying with these laws requires a new approach to communication as a whole. As e-mail has becomerepparttar 105309 most important communication tool for any organization, special care must be taken to ensure that all messages sent or received are withinrepparttar 105310 realm of legally appropriate interaction.

Each ofrepparttar 105311 three primary regulations affects a different area of an enterprise’s communications. The HIPAA and GLBA regulations are similar in scope, but differ in their targeted industries; SOX differs in that it pertains not only to personal information, but also torepparttar 105312 integrity of financial reporting data. Whilerepparttar 105313 acts differ from one another in their language, they all share one common attribute: stiff penalties for those who violate them.

For email, most vendors have focused on content filtering and encryption technology as a contributor to compliance. While both of these technologies are necessary for ensuring compliance, relying solely on these tools does not provide adequate protection. An effective approach to regulatory compliance must consist of multiple technologies working together to:

  • Accurately detect regulated material
  • Dynamically act to prevent compliance violations in real time
  • Protect not only messages but also users and systems
  • Verify and demonstrate compliance through reporting and integrity checks

Detection The text contained within an e-mail message must be thoroughly scanned in order to identify terms that could constitute a violation ofrepparttar 105314 law. Dynamic dictionaries of regulation-specific terms must be maintained and common formats such as Social Security and credit card numbers must be identified beforerepparttar 105315 message leavesrepparttar 105316 e-mail gateway. File attachments present an additional risk, as they can contain libraries of information that must also be handled in accordance with federal guidelines. To neutralizerepparttar 105317 threat of file attachments, file attachments must be verified based on their encoding, not just their extension. Archives such as .zip files must also be thoroughly scanned in order to evaluate everything contained inrepparttar 105318 archive.

Violation Prevention While identifying compliance violations isrepparttar 105319 first step inrepparttar 105320 process of regulatory compliance, detection alone is insufficient. Knowledge of a violation is important, but stoppingrepparttar 105321 violation before it ever leavesrepparttar 105322 gateway is imperative. A compliance solution that is deployed atrepparttar 105323 email gateway ensures that no messages will leave or enterrepparttar 105324 organization without first passing throughrepparttar 105325 appliance. This ensures thatrepparttar 105326 organization is not left exposed to employee error or malicious intent, whether from outsiderepparttar 105327 gateway or within it.

Intellectual Property Theft Has Never Been Easier - Is your enterprise protected?

Written by CipherTrust


Intellectual property (IP) is atrepparttar core of any business. Confidential manufacturing processes, financial information, customer lists, digital source code, marketing strategies, research data or any other compilation of information used to obtain competitive advantage could be deadly to your enterprise if it ends up inrepparttar 105302 wrong hands.

Email-Based Communication Vulnerabilities IP can leaverepparttar 105303 enterprise at any of a number of points. Failure to quickly recognize and protect these “soft spots” in your network security could have tragic results forrepparttar 105304 long-term viability ofrepparttar 105305 company.

Attachment and content filtering Unless your email security solution includes robust attachment and content filtering elements, anyone with access to your email network can send literally file cabinets worth of information to a private email account, to be retrieved at their convenience from any computer inrepparttar 105306 world. A single attachment can contain many years’ worth of confidential information, and if you allow it to leave your enterprise gateway, you may as well just publish it.

Intrusion prevention Intrusion prevention is another Achilles’ heel for companies with inadequate email security in place. Even intermediate hackers can use email to gain access torepparttar 105307 company’s digital backbone unlessrepparttar 105308 necessary steps have been taken to keep them out. Once these hackers have access torepparttar 105309 network, they can steal virtually anything stored anywhere on your network. For an example, we need look no farther back than August 2004, whenrepparttar 105310 University of California, Berkeley suffered a network intrusion that resulted inrepparttar 105311 theft ofrepparttar 105312 personal information of about 600,000 people.

Email encryption Failure to encrypt email communication can also provide opportunity for would-be IP thieves. Messages to trusted partners, customers or any other recipients outsiderepparttar 105313 network can be intercepted and read by anyone with rudimentary knowledge of email systems. Encrypting these conversations ensures that nobody butrepparttar 105314 sender and recipient haverepparttar 105315 ability to readrepparttar 105316 messages contained withinrepparttar 105317 email.

Phishing The explosion in phishing attacks, which utilize social engineering tactics to extract confidential information from email users, has presented a completely new and extremely dangerous method of IP theft. Unwitting employees are an easy target for phishers, who may pose as business partners, clients or any other “friendly” sender in order to gain access to sensitive information.

Cont'd on page 2 ==>
 
ImproveHomeLife.com © 2005
Terms of Use