3 Criteria for Controlling Enterprise SpamWritten by CipherTrust
Or: T*ake Y O U R email ba & ack + From Sp@mmers! 0400constrictor bubble snake informational
If you have a business, then you have a spam problem. The efficiencies of communicating through e-mail not only benefit organizations like yours; they also benefit spammers who profit off of sending pernicious e-mails to millions of people every day. In fact, spam is so cost-effective that it costs less than $0.0004 to send a single spam. That’s 25 emails for just one penny!
The Spam Problem
According to Meta Group, “Companies are routinely getting 20,000 daily spam messages, putting significant burden (e.g. bandwidth and storage consumption) on mail relays, SMTP gateways, and internal mail servers.”
To make matters worse, companies have invested millions of dollars in spam-fighting technologies that have been rendered obsolete within months of purchase by innovation of spammers who have found ways to thwart new technologies along way. Examples of spammer ingenuity abound. As recently as mid-2003 Bayesian logic was touted as immutable defense against spam, but by early 2004, most spam had evolved to be “Bayesian-proof”. There are even programs available for download on internet that will “test” your spam for you before you send it to make sure it will get past spam filters.
Clearly, solution is to partner with a company that specializes in fighting spam. Who you choose is a crucial step because you don’t want your solution to become obsolete within a few months, and you certainly don’t want to create a problem with false positives.
Criteria 1 – Diversity – The Cocktail Approach to Filtering Spam
The first step in addressing spam is identifying it. But, unlike viruses, spam identification is not straightforward. There is no “smoking gun” that clearly indicates to a detection system that a message is a spam. For instance, common approach of looking for keywords such as “Viagra” or “Free”, misses many spams. The method of blocking known spammer IP addresses lags and does nothing to deter determined spammers. Any effective spam detection system must employ multiple techniques for identifying and measuring probability that a message is spam including newer heuristic analysis and real-time collaborative spam filtering tools.
Criteria 2 – Flexibility – Different Strokes for Different Folks
How HIPAA Security Policies Affect Corporate E-mail SystemsWritten by CipherTrust
Although considered by many to be sole concern of health care providers, Health Insurance Portability and Accountability Act (HIPAA) affects nearly all companies that regularly transmit or store employee health insurance information. HIPAA was signed into law in 1996 and it's original purpose was to protect employee health and insurance information when workers changed or lost their jobs. As use of internet became more widespread in mid-1990s, HIPAA requirements overlapped with digital revolution and offered direction to organizations needing to exchange healthcare information. HIPAA regulations apply to any establishment that exchanges individually identifiable healthcare information.
Collaboration between healthcare professionals, their colleagues, their patients, and employers has grown progressively more digital, and e-mail has played an ever-increasing role in this communication. In process of this development, need for information security and privacy has created an impediment to widespread adoption.
In addition to usual concerns about privacy and security of e-mail correspondence, even organizations that are not in heathcare industry must now consider regulatory compliance requirements associated with HIPAA. The Administrative Simplification section of HIPAA, which, among other things, mandates privacy and security of Protected Health Information (PHI), has sparked concern about how e-mail containing PHI should be treated in corporate setting. HIPAA, as it relates to e-mail security, is an enforcement of otherwise well-known best practices that include:
Organizations regulated by HIPAA must comply and put these practices in place. However, need to comply with regulations puts particular pressure on healthcare industry to enhance their use of technology and “catch up” with other industries of similar size and scope.
- Ensuring that e-mail messages containing PHI are kept secure when transmitted over an unprotected link
- Ensuring that e-mail systems and users are properly authenticated so that PHI does not get into wrong hands
- Protecting e-mail servers and message stores where PHI may exist
The privacy protection provisions in HIPAA pose a major compliance challenge for healthcare industry. These provisions are intended to protect patients from disclosure of any of their individually identifiable health information. Organizations that fail to protect this information face fines ranging from $10,000 to $25,000 for each instance of unauthorized disclosure. If disclosure is found to be intentional, HIPAA provides for fines ranging from $100,000 to $250,000 and possible jail time for individuals involved in violations.