Maximizing Email Security ROI: Part III - No More Mr. Nice Guy: Enforcing E-Mail Policy

Written by CipherTrust

This isrepparttar third of a five-part series on Maximizing E-mail Security ROI.

E-mail is an easy, cheap and readily available form of communication. It’s a great tool for businesses, but without proper safeguards in place to regulaterepparttar 109500 information transmitted it can also be a potential threat. An effective e-mail policy should be all-encompassing, helping organizations comply with federal regulations, protect intellectual property and prevent offensive materials from being transmitted across their networks.

Companies inrepparttar 109501 healthcare and financial industries are compelled by law to ensure that they meet strict requirements with regards to patient and customer information privacy. In addition, virtually all publicly traded companies must now implement measures to prevent leaks of confidential corporate information. A large part of complying with these regulations involvesrepparttar 109502 implementation and enforcement of corporate e-mail policy.

According to The ePolicy Institute’s “2003 E-Mail Rules, Policies and Practices” study, only about half (52%) of 1100 U.S. companies surveyed have any form of e-mail monitoring and policy enforcement. Even more alarmingly, only 19% monitor internal e-mail and only 39% monitor outgoing e-mail, leaving a large majority of American businesses wide open to a litany of harsh consequences. These consequences include financial penalties due to violations of federal legislation, loss of competitive advantage from breaches of confidentiality, lawsuits from employees alleging a hostile work environment and destruction of company reputation as a result of disgruntled employees or irresponsible e-mail use.

This week’s newsletter will focus onrepparttar 109503 issues surrounding e-mail policy enforcement and what companies can do to ensure that they are not harmed by regulatory violations, intellectual property loss, costly litigation and embarrassing headlines.

Regulatory Compliance

In nearly every industry, e-mail isrepparttar 109504 primary method of communication, both internally and outsiderepparttar 109505 organization. Healthcare professionals use it to collaborate with colleagues and staff and correspond with patients. Banks, brokerage firms, insurance companies and tax preparation firms use it to communicate with customers and partners and perform countless millions of online transactions every day. Company employees and executives use e-mail to relay messages discussing corporate financial performance, proprietary product information and human resource records.

The ever-increasing reliance on e-mail is has brought with it federal legislation such asrepparttar 109506 Health Insurance Portability and Accountability Act of 1996 (HIPAA), Gramm-Leach Bliley Act of 1999 (GLBA) and Sarbanes-Oxley Act of 2002 (SoX), mandatingrepparttar 109507 protection of confidential information that is stored on, or accessible through, enterprise networks. Generally speaking, this legislation is designed to compel businesses to:

  • Ensure that e-mail messages containing confidential information are kept secure when transmitted over an unprotected link;
  • Ensure that e-mail systems and users are properly authenticated so that confidential information does not get intorepparttar 109508 wrong hands;
  • Protect e-mail servers and message stores where confidential information may be stored; and
  • Identify and track information that must remain confidential.
Failure to comply withrepparttar 109509 information privacy laws due to violation of company policy carries with it stiff financial penalties forrepparttar 109510 enterprise (up to $250,000 per incident) and possible criminal charges and jail time for company executives. The good news is that a comprehensive messaging security approach can play a major role in maintaining a company’s information integrity, greatly enhancing its return on security investment.

Asset and Intellectual Property Protection

Among a company’s most important assets are its proprietary product- or service-related data and other information designed to attain competitive advantage. However, e-mail’s prevalence and ease of use make it a ticking time bomb for companies wishing to protect this information. A study published by PC Week revealed that upwards of 30% of 800 employees surveyed admitted that they had sent confidential information such as financial reports, customer records or product data via e-mail to recipients outsiderepparttar 109511 company. Ten percent admitted receiving e-mail containing confidential information.

Not surprisingly, most breaches of confidentiality originate within a company. A classic example of this is Borland International, a U.S. software company. A Borland employee usedrepparttar 109512 company’s e-mail system to send confidential information to Symantec, his new employer and one of Borland’s main competitors. The information transmitted included product design specifications, sales data and information regarding a prospective contract for which both companies were competing. As a result, bothrepparttar 109513 (former) Borland employee andrepparttar 109514 message recipient were charged with trade secret theft, and a civil lawsuit followed (though it would seem unlikely that any financial award could repairrepparttar 109515 lasting damage caused byrepparttar 109516 intellectual property loss).

Is it a Newsletter or Just One More Commercial?

Written by Francisco Aloy

When I purchased my very first computer, not too long ago, I signed up for many Internet Marketing Newsletters. Though it's been a few years, I still have them.

I've subscribed to at least 300 Newsletters and it affords me a broad outlook. My idea was to track and compare them. The plan was to see how each one of them changed over time and look for any discernible patterns, any nugget of information.

Well, I've been able to spot changes andrepparttar view isn't a pretty one!

The general trend is to give preference to sales instead of communication withrepparttar 109499 subscriber base. Perhapsrepparttar 109500 first few issues are well balanced and in favor ofrepparttar 109501 reader. However, as time goes by,repparttar 109502 universal tendency is to disregardrepparttar 109503 needs ofrepparttar 109504 reader.

The Newsletters I'm talking about are very easy to spot: they'll devote a single paragraph torepparttar 109505 reader and immediately insert a product hyperlink. It's gotten so bad, I've received Newsletters with a multitude of stingy 3 or 4 line paragraphs, each leading to a sales link!

Try as I might, I can't understandrepparttar 109506 reason for such Newsletters? Can you? What they are saying is this: Hi, this is Joe Blow and let me tell you how this is going to work: I'm gonna send you this irrelevant, so-called Newsletter. I'm going to offer little content and a mountain of product links! To do your part, we expect you to click onrepparttar 109507 links and buy, buy, buy!

Oh my! I can't wait a week forrepparttar 109508 next one!

They are insulting and a complete waste of time forrepparttar 109509 reader, as well asrepparttar 109510 author. Sadly, they keep pumping them out, week after week! Why would anybody publish such utter rubbish? There must be a good reason eZine Publishers limit submitted articles to a hyperlink inrepparttar 109511 resource box!

Cont'd on page 2 ==> © 2005
Terms of Use