Raj Panesar, UK Marketing Manager, MIMEsweeper group – Baltimore Technologies, looks at the kinds of threats that internal e-mail communications pose.
Microsoft recently claimed that across their 52,000 mailboxes they handle about 3.1 million internal e-mails every day. So just what sort of threat does internal email communications pose to an organisation’ While ‘cyberslacking’ is using the internet at work for non-business purposes, ‘internal spam’ relates to all forms of internal unproductive e-mail, including large joke attachments and internal e-mails. E-mail and the internet have become indispensable tools for employees, who use them both for work and non work-related communication. Social interaction – sending and receiving junk email creating spoof e-mails; surfing non-work related web sites could all put corporations at risk. Upwards of eight million working hours are lost each year in the UK by employees surfing the web (cyberslacking). Even legitimate surfing poses a threat to IT security. For instance, an employer with 1,000 employees could incur annual cost of around approximately $96,000 in lost productivity. Also, Just how much is lost productivity costing UK companies’
<br><br>
Each corporation has limited bandwidth for receiving and transmitting information over the internet. Employees who use company internet connections for personal surfing and personal email, can block or significantly impede the work-related activity of their colleagues. Downloading files, mpegs and the latest software off the internet also clogs up the bandwidth pipes, decreasing employee response times and an organisation’s overall efficiency. An IDC survey indicates that enterprises are concerned with bandwidth consumption by unwanted or excessively large e-mail files. Bandwidth problems rank number four among e-mail filter users’ worries. It is an issue that organisations should be addressing. How much unnecessary bandwidth is your company consuming’
<br><br>
Under the Data Protection Act, companies across Europe are responsible for the personal data they hold on individuals. Even if employees send information out of the company illegally or accidentally, companies are held responsible. The Regulation of Investigatory Powers Act decrees that companies are also legally responsible for any misuse of their IT networks and can monitor employees’ e-mails to prevent or detect crime. However, businesses doing this could be infringing the new Human Rights Act (HRA), which states that employees have a right to privacy and companies must be careful as to the extent of any monitoring they undertake. By communicating a tailored security policy openly, companies can protect themselves and also avoid potentially damaging breaches of Human Rights laws. Is your organisation falling foul of the law’
<br><br>
The internet may often be the delivery mechanism for a threat, but it is not necessarily the source. Most e-mail lawsuits result from internally originated mail. E-mail has enabled employees to send out confidential information, intentionally or not, causing immeasurable costs to the company. Even if there is some form of email security in place, web e-mail services such as Hotmail or Yahoo may offer a backdoor for unchecked data transfer. How secure are your sensitive documents’
<br><br>
Inappropriate use of e-mail can have disastrous effects on your corporate reputation. Companies are liable to litigation as a result of sexually or racially harassing internal e-mails. Litigation is increasing as e-mail falls to the cyber-bullies, even inadvertent ones: one person’s joke may be another’s great offence. Company directors remain responsible for anything sent over their network, including sexist, racist and other offensive and illegal materials. Does your organisation have a policy in place to protect employees, and ultimately, the company’s reputation’
<br><br>
With e-mail and internet usage becoming ever more pervasive, firewalls and virus checkers, traditional security mainstays, cannot alone deal with the sophisticated issues that companies face. This is particularly true of internal electronic communication, which can, unless used correctly, ultimately damage an organisation’s bottom line, network integrity and reputation. How secure is your organisation’ Below, top ten e-gaffes.
<br><br>
You inadvertently send porn to your boss: You receive a picture that you just know your friend Daniel will appreciate. While no one is around, you quickly forward it to him – using the Ctrl-K function to recognise the name. Daniel doesn’t reply, and when you quiz him about it later that evening, you realise he didn’t receive it. Frantically checking your sent items the following day, you realise that the explicit image was sent to Dani – your spiky boss.
<br><br>
You did not secure the salary information document: HR sends to you the salary breakdowns for 2002, and while reviewing them you realise changes need to be made. You re-save the document, and send it back to HR. Unfortunately, you have saved the document in the company network – file name: Salaries.
<br><br>
You send your CV out from work: You send your CV to recruitment agencies and prospective new employers from your work PC. Unfortunately, your company has been experiencing a chronic case of staff turnover and they’ve done something about it. All sent and
received e-mails are scanned for the word ‘curriculum vitae’, and quarantined until read by the MD.
<br><br>
You open a picture of Anna Kournikova – naked: You smile to yourself as you realise that you are about to see the tennis goddess of the year in her birthday suit. But a couple of minutes later, you realise that something is amiss when your PC starts playing up and people start shouting abusive comments as company software files start going missing and systems start crashing.
<br><br>
You download so many .wav or .mpg files, .jpeg, and .MP3 files that you cannot save anything to your hard drive: You call out IT support and the IT department finds out the cause of your problem – thousands of saucy video and pictures, and all your music files.
<br><br>
You swear about your client in an e-mail to a colleague at work: your client has been irritating you with their unrealistic demands and constant complaining. You vent your frustration in an email to your colleague, where ‘no holds are barred’ about your views. But in anger – and because you have your client on your mind – you send it to him instead. You lose the account the following week.
<br><br>
You e-mail your ‘portfolio’ to a potential employer: To demonstrate the success of your work and the experience you have, you e-mail a potential employer examples of your work before your interview. As Financial Controller, you send details of sales volumes and prices, broken down by sales person. The problem is that the new employer is a current competitor.
<br><br>
You forward a joke: You receive a joke from your old friend, who can always be relied on to provide the best jokes – they always go down well. You don’t have time to read it through, but send it onto your colleagues so they don’t miss out. The racist comment at the end of the e-mail is not appreciated, and sent immediately to HR with a complaint.
<br><br>
Ruining your company’s reputation: You send a truly graphic MPEG that only a few select friends would appreciate – you’re very careful about that. Your friends forward it onto a select group, too, and the chain goes on and on. In the end, over 300 people have received an e-mail baring your company name, address and URL with a shockingly graphic attachment. Not the sort of campaign your marketing department had in mind.
<br><br>
Media columnist: In a true story, a columnist at the New York Observer, e-mailed friends and sources telling them he was moving to a New York magazine, Swanson pressed a button to ‘carbon copy’ the message instead of pressing the "blind carbon copy" button. All of the recipients of the e-mail could see the names and e-mail addresses of everyone else on the list, including those ‘deep throats’ who wanted to remain anonymous. To make matters worse, online marketers got a hold of the list and spammed everyone on it.
