Email security
Posts & information about email security
Email management flaws affected Bush administration White House
Aug 31st
A recent report on a controversial federal lawsuit reveals the importance of legitimate email archiving solutions.
The report was published by the Citizens for Responsibility and Ethics in Washington and alleges White House officials serving during George W. Bush’s presidency had declined to implement a secure email archiving solution. As a result, millions of email documents went missing, and a lengthy legal battle ensued between the Bush administration, CREW and the National Security Archive.
"Despite repeated warnings that information was being lost, Bush administration officials repeatedly and willfully turned a blind eye to the problem," said Melanie Sloan, CREW’s executive director.
Had the administration employed a secure email archiving solution, the officials might have avoided some of the case’s legal ramifications, as most of the allegations stem from the administration’s email management processes after its own email archiving project failed.
The case indicates the impact of email management issues upon even the largest organizations. Smaller institutions and businesses can safeguard their information and avoid legal fees for cases involving email security violations by leveraging the benefits of email archiving solutions.
Smaller businesses have already begun realizing the benefits of secure email management, as a recent report found email security was among the top three priorities for expanding small business IT budgets.
Are companies unknowingly exposing themselves to the potentially harmful effects of cc mass mailings?
Dec 7th
This could happen to you: Your new sales rep is eager to get results and fast. He decides to contact his 200 customers with your latest promotional offer. In order to get the message across in the minimum amount of time, he creates one email, pastes all the email addresses in the Cc: field and hits ‘Send’. Now he just needs to wait for the orders to come in.
Your nightmare has begun. A potential privacy breach and damage to your company’s reputation have been set in motion. Not only has this one email exposed your valuable customer list and opened you up to 200 potential lawsuits for privacy breach, it has severely damaged your company’s reputation. If your company is this careless with its customer information, what does that say about the quality of the services and products you provide? And you don’t even want to think about what will happen when the recipients hit the ‘Reply to All’ button and start complaining about your company’s spam practices and asking you to remove them from the list. A true ‘mail storm’ could erupt with your company as the source.
Download the Red Earth Software white paper ‘Preventing Privacy Breach – Why You Need to Block Cc Mass Mailings’ to find out how these undesirable mass mailings can occur, the damage they can do, and how you can protect your company by preventing these emails from leaving your network.
10 things you should be doing to protect your company against email risks
Nov 2nd
Last week we discussed the top 6 email risks that companies face. So what can we do to protect ourselves against these risks? Here are 10 things that you should be doing to protect your company:
#1: Write an email policy. If you do not already have one in place, the first thing you must do is to create an email policy. This is necessary to educate users but also to ensure that employees are aware that the company is monitoring their emails. This will protect your company against possible employee lawsuits regarding invasion of privacy. Have your users sign the email policy to confirm that they have read and understood the regulations. For more information on what to include in your email policy, go to the blog article Ten points to include in your email-policy.
#2: Train users; Regularly train users in applying the email policy. Help users send effective emails by informing them of best practices, explain that offensive jokes and remarks can be much more harmful than they seem, and stress that employees who witness abuse of the email system must report this to their supervisor. This will boost productivity and help avoid many of the email risks.
#3: Install anti-virus software. Even though nowadays almost all companies have anti-virus software scanning files on the server and client machines, not all companies do the same for email. Be safe rather than sorry and scan all your incoming and outgoing emails for viruses too.
#4: Install a spam filter. There are many spam filters out there and most of them will do a good job at blocking spam. However, not all spam filters will allow your users to review their own spam mails, offer customization per user or allow for detailed message tracking.
#5: Content check emails; Even though you have educated your users, you cannot assume that all employees will adhere to the policy. Therefore you need to install software that can check all emails for inappropriate content. For internal mails this is to protect users from an unsafe work environment. For external mails this is to protect the reputation of your company and to avoid libel lawsuits. You must also check attachments and use word filtering to avoid confidential data leaving the company. For instance you can block external emails containing Social Security Numbers, credit card details or patient information.
#6: Add a disclaimer; In order to disclaim against company liability, ensure confidentiality and comply with regulatory rules you must add a disclaimer to all sent emails. Disclaimers must be added to internal mails as well as external mails. It is also a good idea to add a different disclaimer for internal mails to specifically address the unsafe work environment issue. For instance in your internal mails you can include a line saying ‘Employees are expressly prohibited to make offensive, disruptive or defamatory statements.’
#7: Compress attachments; By compressing attachments you can reduce the size of files by up to 95 percent. Needless to say, this will save bandwidth and network storage.
#8: Limit personal emails; Personal emails not only cause loss of productivity, they can be the source of viruses and bandwidth hogging attachments. You might want to allow some personal use, but in your email policy you must stipulate in exact terms what is allowed and what is not.
#9: Archive emails; Many industries now face regulations that require them to archive emails for a number of years, including the health care, legal and financial industries. Fail to archive your emails and your company might face substantial fines. In addition, you need to be able to quickly search and access messages in case you need to retrieve emails on a court order.
#10: View reports on usage; Check how the email policy is being implemented by looking at email usage reports. Find out what attachments users are sending and their size. View reports on email policy violations and determine which rules are being violated and by which users. On the basis of this information you can adjust your email policy, tweak your email filtering software, or schedule further training to reiterate certain email policy rules.
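The following added example, which is not from the original posts or from any product they mention, shows the outbound check that the Cc mass mailing post and item #5 describe: it flags messages that expose many external addresses in To:/Cc: and external mail containing Social Security or payment card numbers. The domain `example.com`, the threshold of 10, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.com"  # assumption: the organisation's own mail domain
MAX_EXTERNAL_VISIBLE = 10        # assumption: policy limit for To:/Cc: recipients

SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def text_of(msg):
    """Decode every text/* part, including text attachments."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def check_outbound(raw_message):
    """Return the list of policy violations for one outgoing message."""
    msg = message_from_string(raw_message)
    visible = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = {addr.lower() for _, addr in visible
                if addr and not addr.lower().endswith("@" + INTERNAL_DOMAIN)}
    violations = []
    if len(external) > MAX_EXTERNAL_VISIBLE:
        violations.append("cc-mass-mailing")  # addresses exposed to every recipient
    if external:                              # content rules apply to external mail
        text = text_of(msg)
        if SSN_RE.search(text):
            violations.append("ssn")
        if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
            violations.append("card-number")
    return violations

# Constructed sample: one promotional mail with 12 customers pasted into Cc:.
SAMPLE = ("From: rep@example.com\nTo: rep@example.com\nCc: "
          + ", ".join(f"customer{i}@customer{i}.test" for i in range(12))
          + "\nSubject: Promotional offer\n\nOur latest offer is attached.\n")

if __name__ == "__main__":
    print(check_outbound(SAMPLE))
```

This check reads message headers only; a mail gateway would also evaluate the SMTP envelope recipients, since Bcc addresses do not appear in the headers.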
The top six corporate email risks
Oct 27th
We all know that email is a great business tool. It’s fast, cheap, universal and easy to deploy. However, companies that make use of email are confronted with a number of risks. So what are the email risks that companies face? Red Earth Software has identified the following top 6 email risks:
#1 Legal liability; In most cases the employer is held responsible for all the information transmitted on or from their systems. Consequently inappropriate emails sent on the company network can result in multi-million dollar penalties. In the last few years there have been several high profile lawsuits such as the case against a global oil company filed by four female employees. The employees alleged that sexually harassing emails sent through the company email system caused a threatening work environment. One of the sexually offensive messages was a sheet entitled ’25 reasons why beer is better than women’. The company settled the case for no less than 2.2 million dollars.
#2 Regulatory compliance; This now affects many companies across several industries. New and existing regulations are forcing companies to keep a record of their emails and to protect their clients’ privacy. The Health Insurance Portability and Accountability Act requires health care institutions to keep a record of their email communications and secure confidentiality of information. In the new IRS regulation Circular 230, the IRS requires tax advisors to add an email disclaimer to any emails including tax advice, expressly stating that the opinion cannot be relied upon for penalty purposes. The U.S. Securities and Exchange Commission and Gramm-Leach-Bliley Act impose similar duties on financial institutions. Steep penalties can apply to those organizations that do not comply with their industry’s regulations. In a case lasting from 2000 until 2005, a well-known financial institution was recently forced to pay 20 million dollars in penalties by the Securities and Exchange Commission for not diligently searching for email back-up tapes and over-writing multiple back-up tapes.
#3 Lost productivity; Employees sending personal emails and sifting through spam mail can cause major loss of productivity. To give you an example, if each employee takes 5 seconds to view a spam mail, based on an average salary of 25 dollars per hour, this will cost the employer 3 cents per spam mail. If every employee received 25 spam mails per day, spam would cost a company with 100 users no less than 20,000 dollars per year. In addition to spam and personal emails, viruses can also lead to network downtime and lost productivity.
#4 Confidentiality breaches; Most confidentiality breaches occur from within the company. These breaches can be accidental, but they can also be intentional. Some years ago, a well-known software company filed a lawsuit against one of their former employees who had used the company’s email system to send out confidential information to their competitor, his new employer. The trade secrets included product design specifications, sales data and information regarding a prospective contract for which both companies were competing. The employee and competitor were both charged with trade secret theft.
#5 Damage to your company’s reputation; A badly written email, or an email containing unprofessional remarks, will cause the recipient to gain a bad impression of the company that the sender is representing. A UK law firm had to find this out the hard way when two of their employees originated the ‘Claire Swire’ email, a sexually explicit email that ended up being read by over 10 million people around the world. Especially since the company in question was a law firm, and the employees were attorneys, this email caused severe reputational damage.
#6 Increasing bandwidth and storage needs; Not only is the use of attachments growing, their size is increasing as well. According to the Radicati Group, attachments make up more than 85% of all email data. Large attachments use up bandwidth and storage space. Although the cost of storage space has decreased over the years, the larger the message store, the more management it requires and the longer it takes to restore messages after a mail server failure.
Next week we will be discussing what you can do to protect yourself against these email risks.