Maximizing Email Security ROI: Part II - Stop Viruses Before They Stop You

Written by CipherTrust

This isrepparttar second of a five-part series on Maximizing Email Security ROI.

Acrossrepparttar 109503 spectrum of information security risks, most casual users understandrepparttar 109504 dangers posed by viruses and worms. Network administrators have even more reason to fear a virus attack, as a successful assault can cripple corporate networks for days. The lasting damage, however, is much more difficult to determine with precision, asrepparttar 109505 residual financial impact of a virus infection extends long afterrepparttar 109506 actual attack is over. Lost employee productivity, consumption of IT and Help Desk resources andrepparttar 109507 potential for lost data can all exponentially increaserepparttar 109508 hard costs of a virus attack on an enterprise.

The recent proliferation of new “Zero-Day” virus attacks such asrepparttar 109509 May 2004 Sasser worm, which raced acrossrepparttar 109510 world in minutes and caused $3.5 billion in damages, has once again brought virus protection torepparttar 109511 forefront ofrepparttar 109512 collective consciences of network administrators and CIOs. Quantifyingrepparttar 109513 risks posed by viruses and worms to CEOs and CFOs to justify expenditures on network security, however, can be a real challenge. This week,repparttar 109514 second installment in The IronMail Insider’s five-part series on maximizing email security ROI will shed some light on how to accurately calculaterepparttar 109515 potential for loss due to virus attack, and more importantly, how to explain that potential torepparttar 109516 controller ofrepparttar 109517 corporate purse strings.

Lost Employee Productivity

Now that email isrepparttar 109518 undisputable primary communication method for most organizations,repparttar 109519 loss of email due to attack can severely affect enterprise operations. Beyondrepparttar 109520 immediate financial expenses involved in restoringrepparttar 109521 network, an attack on your enterprise email system also directly results in countless lost work hours for employees for as long asrepparttar 109522 network remains inoperable. In addition, time spent by end users contacting help desk resources, waiting for infected workstations and servers to be cleaned, and installing patches and updates will negatively impactrepparttar 109523 company’s bottom line untilrepparttar 109524 last workstation has been cleaned andrepparttar 109525 last user has returned to productivity.

Consumption of IT and Help Desk Resources

Bandwidth consumed byrepparttar 109526 spread of a virus or worm slows network speed to a crawl or shutsrepparttar 109527 entire network down at once, and infected workstations frequently lock up due torepparttar 109528 processing power consumed byrepparttar 109529 virus. Afterrepparttar 109530 attack, Help Desk employees spend days and weeks cleaning individual workstations, repairing servers and applying patches inrepparttar 109531 hopes that another attack can be avoided, when they should be available to end-users to solve more mundane issues.

Attacks that take down entire networks cause exponentially higher levels of lost productivity than those that take down only individual workstations. According to The Computer Virus Prevalence Survey, in 2003 almost a third of businesses worldwide had suffered a virus "disaster," defined as 25 or more computers infected by a single virus inrepparttar 109532 same incident, costing an average of almost $100,000 to clean up each time. More than three quarters suffered outages that caused a loss of productivity, and two thirds indicated that a major effect of an attack was to make a PC inaccessible.

Corporate email policies lower unnecessary legal and security risks.

Written by Anti Spam League

What comes to your mind when you think about your email? Email makes possible almost instant communication with your co-workers without leaving your desk, a quick note to a family member who lives far away, but also has a very annoying downside such as junk mail. Sincerepparttar introduction ofrepparttar 109502 Internet, email has been one of its primary uses. The fact that it is a fast, cheap and easy means of communication, makes email a great business tool. But there are also a series of threats for employers associated with email usage. Email threats such as confidentiality breaches, legal liability, lost productivity and damage to reputation cost organizations millions of dollars each year. Inrepparttar 109503 majority of cases, companies are held responsible for allrepparttar 109504 information transmitted on or from their systems. As a result, inappropriate emails can result in multi-million dollar penalties in addition to other costs. For example, a Federal Communications Commission (FCC) employee unintentionally sent a dirty joke entitled ‘Nuns in Heaven’ to 6,000 journalists and government officials onrepparttar 109505 agency's group email list. This employee's lapse in judgment and electronic mistake resulted in negative publicity and national embarrassment forrepparttar 109506 FCC. Inrepparttar 109507 US, Chevron settled a case filed by four female employees for $2.2 million. The employees alleged that sexually harassing emails sent throughrepparttar 109508 company’s email system caused a threatening work environment. One ofrepparttar 109509 sexually offensive messages was a joke sheet titled ’25 reasons why beer is better than women’. A company can also be liable if one of its employees sends an email containing a virus. Confidentiality breaches can be accidental, for instance when an employee selects a wrong contact name inrepparttar 109510 ‘To:’ field, or intentional, such asrepparttar 109511 case where an employee uses his corporate email account to send confidential information to one ofrepparttar 109512 company’s competitors. Inrepparttar 109513 latter case, bothrepparttar 109514 employee andrepparttar 109515 recipient could be charged with trade secret theft. Nonetheless, whether it is by mistake or on purpose,repparttar 109516 result ofrepparttar 109517 loss of confidential data isrepparttar 109518 same. Lost productivity due to inappropriate use of a firm’s email system is becoming a growing area of concern. A recent survey revealed that 86 per cent of workers used their company email to send and receive personal emails. Given that it has become very hard in our modern world to segregate people's personal lives outside ofrepparttar 109519 workday, companies struggle to find effective ways of balancing employee freedoms and corporate protection. In addition to personal emails, unwanted spam messages are a significant time waster. Spam and personal abuse of email can also cause a corporation’s email system to waste valuable bandwidth resources. A Gartner Group study held under 13,000 email users found that 90 percent receive spam at least once a week, and almost 50 percent get spammed more than 6 times a week. Personal emails cause network congestion since they are not only unnecessary, but tend to be mailed to a large list of recipients and often include large attachments such as mp3, executable or video files that users do not zip. Adopting an anti-spam system alone has not proven effective to stop spam. The combination of spam- blockers with other methods of spam control technologies such as SIDF, SPF, Bayesian Filters, Blacklists, Whitelists, Anomaly Detection, and Spam Signatures has proven to be much more effective. There are also special organizations such asrepparttar 109520 Anti SPAM that give Internet usersrepparttar 109521 chance to report those individuals and companies that are responsible of spamming. You can become a member for free and learn how to controlrepparttar 109522 spam problem by visiting their website at For more details on how to deal with spam, readrepparttar 109523 article ‘How Can I Stop It? - The Challenging Task of Controlling Spam’. How can a company protect itself from these threats? The first step in securing your organization is to create an email usage policy. Every company needs to establish a policy regarding use of and access to company email systems, and then tell all employees what its policy is. After you have created your email policy you must make sure it is actually implemented. This can be done by providing regular trainings and by monitoring employees’ email using some type of email security software. The email policy should be made available and easily accessible to all employees and should be included in employee handbooks and company intranets. It is best to includerepparttar 109524 email policy, or a short statement regardingrepparttar 109525 policy, in employment contracts. In this wayrepparttar 109526 employee must acknowledge in writing that he/she is aware ofrepparttar 109527 email policy and ofrepparttar 109528 obligation to adhere to it.

What are some ofrepparttar 109529 benefits of having a clear and effective email policy? First, it helps prevent email threats, since it makes your staff aware ofrepparttar 109530 corporate rules and guidelines. Second, it can help stop any misconduct at an early stage by asking employees to come forward as soon as they receive an offensive email. Keepingrepparttar 109531 incidents to a minimum can help avoid legal liability. For example, inrepparttar 109532 case of Morgan Stanley, a US investment bank that faced an employee court case,repparttar 109533 court ruled that a single email communication - a racist joke, in this case - cannot create a hostile work environment and dismissedrepparttar 109534 case against them. Third, if an incident does occur, an email policy can minimizerepparttar 109535 corporation’s liability forrepparttar 109536 employee’s actions. Previous cases have proven thatrepparttar 109537 existence of an email policy can prove thatrepparttar 109538 company has taken steps to prevent inappropriate use ofrepparttar 109539 email system and therefore can be freed of liability. Fourth, if you are going to use email filtering software to checkrepparttar 109540 contents of your employee’s emails, you must have an email policy that states this clearly. Some employees may argue that by monitoring their emails, companies are violating their privacy rights. However, court cases have shown that ifrepparttar 109541 employer has warnedrepparttar 109542 employee beforehand that their email might be monitored,repparttar 109543 employer has a right to do so. People usually respond better when they know where they stand and what is expected of them. The recent spike inrepparttar 109544 volume of spam traveling acrossrepparttar 109545 Internet, combined withrepparttar 109546 dangers of phishing and virus attacks that frequently accompany these messages, has forced corporations to reconsider how they determine which messages will be allowed into their network. For years, companies have addressed their email security needs through a mixture of third party software solutions designed to address specific areas of vulnerability. Today, however, this approach appears to be ineffective. New threats adapt to evenrepparttar 109547 latest security technology, helping hackers and spammers stay a step ahead of most stand-alone protective measures. System administrators remain in a reactionary mode, waiting forrepparttar 109548 next attack and hoping their mixed bag of security software is up torepparttar 109549 test.

Cont'd on page 2 ==> © 2005
Terms of Use