SECURITY CLINIC: Dealing with e-mail threats

Many organisations mistakenly believe viruses are the only e-mail threats an organisation faces.

However, research indicates 79 per cent of employers experience abuse of the Internet and e-mail, including the downloading and transmission of pornography, within their organisations (CSI 2000 Computer Crime and Security Survey). With IDC predicting e-mail traffic will grow from 2.1 billion messages in 1998 to 7.8 billion in 2002, the threat will only increase.

Forward thinking organisations regard pornography as one of the most serious content security threats, but fail to interpret this as one of the most serious business threats in an era characterised by connectivity and with e-mail as an integral component of business.

Organisations can not dismiss unacceptable e-mail usage and content distribution as a technology issue. It is a serious business concern and several organisations have already been exposed to threats such as legal liability, sexual harassment claims, productivity issues and negative corporate image.

The NSW Premier's Department recently underwent an e-mail audit. It was discovered that one female clerk had spent five out of 10 working days surfing the Web for pornography. The results of the audit prompted the department to look at its e-mail policies and procedures.

Organisations may be liable for offensive e-mails distributed via their networks. e-mail pornography may appear harmless fun to some but many employees find it either offensive or a form of sexual harassment.e-mail is now recognised as a legal document and organisations can not risk sending pornographic images via company e-mail. Not only are there legal ramifications but damaging corporate reputation and relationships with customers and partners is a distinct possibility.

Corporate reputations are at risk - once lost they can be extremely hard to rebuild. As e-business flourishes, security risks increase. Organisations are realising there is more to protect against than viruses. With reputation and branding such a significant element of online success, legal proceedings due to e-mail and Internet use and corporate fraud, even if accidental, can cost a company dearly.

An organisation's staff and network productivity is also adversely affected. Staff are spending time reading and distributing e-mails and downloading images from the Web. IT resources such as bandwidth and storage are being wasted. It is also labour intensive for an IT administrator to stop all image files at the gateway and manually check which are pornographic or not before sending them on.e-mail, more than any preceding media, is dangerous to an employer in terms of legal liability, corporate fraud and exposure as it is faster, more prone to accidents and more pervasive. Employees, and people generally, are more likely to become involved in inappropriate behaviour via e-mail and the Web as it is more removed and easier to distribute than other forms of communication. e-mail makes pornography and other inappropriate material more accessible, without having to handle it, buy it or be seen sharing it or talking about it.

To protect against the distribution of unacceptable images and other content security threats such as damage to intellectual property, loss or corruption of data, spam and damage by malicious attachments, organisations need to establish an e-mail and Internet usage policy. They then need to educate their employees on the policy and enforce it using content security software solutions.

Many organisations and employees are sceptical that this is necessary and not instead an excuse to adopt a "big brother" approach to controlling employees in the workplace. However, contemporary technology protects the privacy of the employee and the responsibilities of the employer.

Research indicates that few businesses are working on the education phase of this strategy, with a significant gap between the perceptions of employers and employees about how e-mail and the Web are being used, what is appropriate and how to use them securely. The privacy and ownership debates receiving media coverage in Australia indicate that the parties in the debate don't have a clear understanding of the issues raised by the others, particularly around security and privacy.

Resellers need to amend this situation. The technology is available to enforce an organisation's policy. It is sophisticated enough not to simply block and filter but act according to an organisation's predetermined policy. The channel has the functionality to sell. It just needs to convince the user of the need.

Lindsay Durbin is product marketing manager at content security software developer Content Technologies. Reach him at lindsay.durbin@mimesweeper.com.au

Join the newsletter!

Error: Please check your email address.

More about Content TechnologiesGatewayIDC Australia

Show Comments

Market Place