www.1001TopWords.com |
Corporate Email Policies Lower Unnecessary Legal and Security Risks
What comes to your mind when you think about your email? Email makes possible almost instant communication with your co-workers without leaving your desk, a quick note to a family member who lives far away, but also has a very annoying downside such as junk mail. Since the introduction of the Internet, email has been one of its primary uses. The fact that it is a fast, cheap and easy means of communication, makes email a great business tool. But there are also a series of threats for employers associated with email usage. Email threats such as confidentiality breaches, legal liability, lost productivity and damage to reputation cost organizations millions of dollars each year. In the majority of cases, companies are held responsible for all the information transmitted on or from their systems. As a result, inappropriate emails can result in multi-million dollar penalties in addition to other costs. For example, a Federal Communications Commission (FCC) employee unintentionally sent a dirty joke entitled 'Nuns in Heaven' to 6,000 journalists and government officials on the agency's group email list. This employee's lapse in judgment and electronic mistake resulted in negative publicity and national embarrassment for the FCC. In the US, Chevron settled a case filed by four female employees for $2.2 million. The employees alleged that sexually harassing emails sent through the company's email system caused a threatening work environment. One of the sexually offensive messages was a joke sheet titled '25 reasons why beer is better than women'. A company can also be liable if one of its employees sends an email containing a virus. Confidentiality breaches can be accidental, for instance when an employee selects a wrong contact name in the 'To:' field, or intentional, such as the case where an employee uses his corporate email account to send confidential information to one of the company's competitors. In the latter case, both the employee and the recipient could be charged with trade secret theft. Nonetheless, whether it is by mistake or on purpose, the result of the loss of confidential data is the same. Lost productivity due to inappropriate use of a firm's email system is becoming a growing area of concern. A recent survey revealed that 86 per cent of workers used their company email to send and receive personal emails. Given that it has become very hard in our modern world to segregate people's personal lives outside of the workday, companies struggle to find effective ways of balancing employee freedoms and corporate protection. In addition to personal emails, unwanted spam messages are a significant time waster. Spam and personal abuse of email can also cause a corporation's email system to waste valuable bandwidth resources. A Gartner Group study held under 13,000 email users found that 90 percent receive spam at least once a week, and almost 50 percent get spammed more than 6 times a week. Personal emails cause network congestion since they are not only unnecessary, but tend to be mailed to a large list of recipients and often include large attachments such as mp3, executable or video files that users do not zip. Adopting an anti-spam system alone has not proven effective to stop spam. The combination of spam- blockers with other methods of spam control technologies such as SIDF, SPF, Bayesian Filters, Blacklists, Whitelists, Anomaly Detection, and Spam Signatures has proven to be much more effective. There are also special organizations such as the AntiSPAMLeague.org that give Internet users the chance to report those individuals and companies that are responsible of spamming. You can become a member for free and learn how to control the spam problem by visiting their website at www.antispamleague.org. For more details on how to deal with spam, read the article 'How Can I Stop It? - The Challenging Task of Controlling Spam'. How can a company protect itself from these threats? The first step in securing your organization is to create an email usage policy. Every company needs to establish a policy regarding use of and access to company email systems, and then tell all employees what its policy is. After you have created your email policy you must make sure it is actually implemented. This can be done by providing regular trainings and by monitoring employees' email using some type of email security software. The email policy should be made available and easily accessible to all employees and should be included in employee handbooks and company intranets. It is best to include the email policy, or a short statement regarding the policy, in employment contracts. In this way the employee must acknowledge in writing that he/she is aware of the email policy and of the obligation to adhere to it. What are some of the benefits of having a clear and effective email policy? First, it helps prevent email threats, since it makes your staff aware of the corporate rules and guidelines. Second, it can help stop any misconduct at an early stage by asking employees to come forward as soon as they receive an offensive email. Keeping the incidents to a minimum can help avoid legal liability. For example, in the case of Morgan Stanley, a US investment bank that faced an employee court case, the court ruled that a single email communication - a racist joke, in this case - cannot create a hostile work environment and dismissed the case against them. Third, if an incident does occur, an email policy can minimize the corporation's liability for the employee's actions. Previous cases have proven that the existence of an email policy can prove that the company has taken steps to prevent inappropriate use of the email system and therefore can be freed of liability. Fourth, if you are going to use email filtering software to check the contents of your employee's emails, you must have an email policy that states this clearly. Some employees may argue that by monitoring their emails, companies are violating their privacy rights. However, court cases have shown that if the employer has warned the employee beforehand that their email might be monitored, the employer has a right to do so. People usually respond better when they know where they stand and what is expected of them. The recent spike in the volume of spam traveling across the Internet, combined with the dangers of phishing and virus attacks that frequently accompany these messages, has forced corporations to reconsider how they determine which messages will be allowed into their network. For years, companies have addressed their email security needs through a mixture of third party software solutions designed to address specific areas of vulnerability. Today, however, this approach appears to be ineffective. New threats adapt to even the latest security technology, helping hackers and spammers stay a step ahead of most stand-alone protective measures. System administrators remain in a reactionary mode, waiting for the next attack and hoping their mixed bag of security software is up to the test. The role of email in Sarbanes-Oxley compliance cannot be overstated. The Sarbanes-Oxley Act of 2002 and associated rules adopted by the Securities and Exchange Commission (SEC) require certain businesses to report on the effectiveness of their internal controls over financial reporting. Effective internal controls ensure information integrity by mandating the confidentiality, privacy, availability, controlled access, monitoring and reporting of corporate or customer financial information. Companies that must comply with Sarbanes-Oxley include U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. U.S. companies with market cap greater than $75M and on an accelerated (2004) filing deadline are required to comply for fiscal years ending on or after Nov. 15, 2004. All others are required to comply for fiscal years ending on or after April 15, 2005. Because the bulk of information in most corporations is created, stored, transmitted and maintained electronically, IT departments are responsible for ensuring that sound practices, including corporate wide information security policies and enforced implementation of those policies, are in place for employees at all levels. Information security policies should govern the following items:
Most of us would agree that today email is the primary internal and external communication tool for corporations. Unfortunately, it is also one of the most exposed areas of a technology infrastructure. Email systems are critical to ensuring effective internal control over financial reporting, encryption of external messages and active policy enforcement, all essential elements of compliance. Companies must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur. An effective email security solution must address all aspects of controlling access to electronically stored company financial information. Given the wide functionality of email, ensuring appropriate information access control for all of these points requires:
On a final note, some clear guidelines for a good and effective email policy include the following points: a) Emails should comply with the proper RFC protocols for email, 2) Employees should not attempt to obscure content or messages in emails, 3) Companies should post privacy policies where they can be read and understood, prior to submission of a request, 4) Employees should not send email to unverified or nonexistent email addresses, 5) Companies should offer users opportunities to opt-out of programs. Given that developments in email and the Internet are changing so rapidly, it is essential to review the email policy at least once every quarter. Keep an eye on new developments in email and Internet law so that you are aware of any new regulations and opportunities. When you release new updates, it is preferable to have each user sign as acknowledgment of their receipt of the policy. With all of this said, if you want to reduce electronic risks in the workplace you must take the initiative. Electronic disasters can ruin businesses, sink careers, send stock prices plummeting, and generate public relations nightmares. Do not wait for a disaster to strike; prevention is always your best defense. Visit www.AntiSpamLeague.org and they will help you develop and implement written email usage and privacy policies that clearly reflect your organization's expected standards of electronic behavior, along with privacy and monitoring policies. About The Author The purpose of the Anti SPAM League is to help consumers and business owners reduce the amount of SPAM they receive. In addition, our Anti SPAM organization believes that educating site owners in the area of SPAM prevention and ways to successfully and responsibly market their sites, is key in making a difference.
|
RELATED ARTICLES
Invasion of the Email Snatchers They're sneaky. And stealthy. They're quiet and mostly unobtrusive, but once you've been visited by them, you'll know it. Because you'll be inundated with a seemingly never-ending stream of spam-mails. Block Spam with An Easy Behavioral Change E-mails now have a connection back to their servers. I willleave the technical aspects out of this article. Instead, Iwill walk you through how information from your computer isgetting back to them. BUSTED: Anti Spam Forces Bankrupt Super-Spammer Scott Richter Microsoft scores one for the good guys Eight Quick Tips For Stopping SPAM If you are buried in SPAM then you're not alone. It's been suggested that asmuch as 50% to 75% of the e-mail traffic on any given day is SPAM. Readingthrough SPAM is a waste of your time and it subjects you to potential viruses,trojan horses, and sexual material which can be quite offensive. Here are sometips on how to win the SPAM war: Blackhole or Fail - Which One Is Better For Your Mail Server? Very often SPAMMERS take advantage of catch-all email setup on webservers. Every email no matter what the recipients email address is will be caught by the default email account. It is highly recommended not to use catch-all email accounts and to discard SPAM send to non-existing email addresses. SPAM will clog up your SMTP server and consum resources like bandwidth and disk space in mailboxes. In most mail servers and web control panels (like cPanel) the user or admin can decide what will happen to emails with no existing recipient on the server. Refuse to the let emails onto the server and to let the sender's mail server deal with it (option: ":fail:") or to accept these incoming messages but then to delete them right away (option: ":blackhole:". How Spammers Fool Rule-based and Signature-Based Spam Filters Effectively stopping spam over the long-term requires much more than blocking individual IP addresses and creating rules based on keywords that spammers typically use. The increasing sophistication of spam tools coupled with the increasing number of spammers in the wild has created a hyper-evolution in the variety and volume of spam. The old ways of blocking the bad guys just don't work anymore. Avoid, Shun, Thwart, Prevent, and then Filter Spam Email is rapidly becoming the standard means of communication among businesses, associates, and even friends. While many people have now been using the internet and email for years, there are thousands of new users on the internet each day. With inexpensive web hosting, free email services, and the blog burst upon us, getting your own slice of the internet pie has never been easier. All About Spam Spam is annoying. Period. Why people would want to send all of us stupid messages about buying prescription drugs or getting some outrageously good mortgage rate is beyond me. Well, not really. Get Your News Releases Through the Spam Filters in 11 Easy Steps In today's spam-filled email world, it's sometimes VERY difficult to get your news releases and PR pitches to the media person you are trying to reach. These tips hold true for personal emails, too, so even if you don't do P.R., this article offers some important email tips. Dealing With SPAM - An E-mail Address Strategy With SPAM being such a problem it might seem the right thing to do is never give anyone your email address. As a strategy that's not bad but it misses one rather important point; the purpose of having an email address is to be able to exchange emails, both with friends and also as a means to receive eZines from online forums and information sites. In theory any one of these sources could share your email address with a spammer (perhaps by listing it on a public site) and before you know it your email box is full of emails you don't want and can't stop... note, we do not do this, your address is safe with us.Therefore what you need would seem to be a list of separate email addresses, all of which are yours, that you allocate out to the different email lists and online forums you have. That way if one of the addresses gets picked up by the spammers you can just drop and block that one address (and perhaps the list it was subscribed to) and continue in your low or no-SPAM world.So how do we do this?What we're going to do is use one "real" email account (ideally with a hard to guess name) and then a set of forwarded email addresses, all of which are different, but all point back to the real email address. Typically your ISP (Internet Service Provider) provides a small number of email-boxes for you (normally called "POP3" mailboxes). Choose one of these to be your "real" email address and point your email client to it (follow the instruction in your email client such as Outlook Express and ISP to do this). Then we need to register a domain name which will allow us to have lots of forwarded email addresses. 123-Reg.com are an example of a company that provides an inexpensive high-quality service to do this, so we'll use them as an example. Create an account, it's free to do this, and give them your real email address. Then you should register a domain name with them; obviously you need to think of a domain name which you would like as part of your "public face." Choosing a name you like can take a little thought, but don't take too long, domain names are being registered at the rate of one every two seconds, so get in to secure yours as soon as you can! The cost is very low, with .uk domains at around UKŁ3 / US$5 per year and .com/.net around UKŁ9 / US$15 per year (note, you should register for at least two years). Using the email forwarding option from the 123-reg.com control panel, set the catch-all address as your real email address. Then any emails sent to any name at your domain will be forwarded on to you automatically.Here's a worked example for Brenda Wyatt.Brenda's ISP supplied POP3 email address is brenda@myisp.comShe creates an account at 123-reg.com and registers the domain "WyattMail.net"She sets up email forwarding via the 123-reg control panel to forward all emails received to @wyattmail.net to brenda@myisp.com.Now when Brenda signs up to a forum or email list she gives an email address which is individual to that list. Let's say she registers with Amazon, she could register as 'Amazon@wyattemail.net'. They will send emails to that address which will be forwarded to her brenda@myisp.com email address and she can read them as she wishes.The nice thing about this system is that Brenda hasn't had to go anywhere else to register the email address 'Amazon@wyattemail.net', 123-reg just sees the wyattemail.net part and sends it on for her.So what happens if she finds one of her email addresses is being targeted by spammers? Let's assume this happens to her "dodgylist@wyattemail.net" email address. She then goes to 123-reg.com, logs in and goes to the control panel. She selects the email forwarding page, adds a fresh line with 'dodgylist@wyattemail.net' in it, clicks the 'return to sender' checkbox and clicks 'update'. Now any email to this address will be returned to whence it came. Nice, eh?©2005 Paul Quirk & Mark Quirk. Article taken fromCareOfWindowsXP.com. Quickly Eliminate 100% of Your Junk Email Why do so many people think I need to take Viagra? I guess it's for the same reason others believe I want to re-finance my home, invest in a new stock and sell my business. A War on SPAM: Attacking The Evil As most small, medium and large businesses in this country have seen the SPAM Emails have hurt our productivity and caused excessive costs. The Cybermagic of Whitelists Before we start getting deep into the meat of this article it's important to explain some standard terminology to make sure the rest of this article makes sense. What to Do to Avoid Getting Banned How would you feel if you found a link on the web that was interesting to you but when you click the link it takes you to a page that is total rubbish? You are not only disappointed but it also wastes your time. Unfortunately, this is often true in many cases. To get a good ranking, often web page designers use "spamdexing". Spamdexing search engines is the practice of deliberately and dishonestly modifying HTML pages to artificially increase the chance of them ranking close to the top of search engine results. This spamming could result in your site getting banned from search engine indices. How To Stop Spam I imagine you have seen, heard about, or already know what spam is. But just in case you don't, it is unsolicited and unwanted emails that arrive in your email inbox from a person or company that you don't know. Avoiding the Spam Trap: Get Your Message Delivered! Your message is not being delivered. The Trouble With Spam Is.... Each day we all face the same challenge. Spam. It doesn't matter if you're a home computer user or the head of IT for a multinational limiting or totally preventing the distribution of junk email to your computer(s) is now a daily chore. Do You Know Whats in Your Trash? A hearty welcome to all the spam fighting filters and programs created to rescue us from the deluge of unwanted e-mail! There is practically a "solution" for everything. But as with most online "solutions" filters and programs are only tools that users need to make some effort to use properly to reap the benefits. The Vanishing Mail Am I Just Being Paranoid Or Are The Robots Out To Get Me? Spam - How to Report it I'm sure you find spam just as frustrating and annoying as I do.So I've done some investigation in how to report it to get thesepeople hopefully in a bit of strife! And put spam to an end or atleast lessen it ;-) |
© Athifea Distribution LLC - 2013 |