Latest news
The Threat Within - Why Businesses Need To Manage And Monitor Employee Email Usage
by Jamie Cowper - Senior Technical Consultant, Mirapoint - Monday, 14 February 2005.
In a few short years, email has become a major part of the national psyche and a business-critical tool of communication. However, while companies have been more than willing to embrace the business benefits of email, they continue to remain oblivious to many of the responsibilities this new form of communication brings, particularly as it affects their employees.
It is a commonly held misconception, due to the informal traditions of electronic communication, that e-mails carry less weight than letters on headed notepaper. But this is not the case. The law treats emails as ‘discoverable documents’ in exactly the same way as all other forms of written communication, and as such, just as much care and attention should be taken regarding the content of emails as with other forms of business communication.
An employee’s email address at work identifies not only the individual, but also the company. If an employee is using his work email to send inappropriate comment or material, there is always the potential for messages sent via the company address to impact negatively on the business. For instance, a company would never allow employees to use its letterhead to send out correspondence of a scandalous or personal nature – why then should it allow its email to be used in this way?
Unmonitored email leaves companies open to fraud, lawsuits, loss of confidential data, sexism, racism, pornography, not to mention reputation damage, loss of business, and decreased productivity. Quite simply, if a company does not have a clear and consistent email policy, it needs to get one.
From an internal point of view, an employer has a duty of care to protect its staff from email abuse and harassment. According to a recent DTI survey into communication practices in UK businesses, nearly a quarter of employees have suffered crossed-wires with colleagues or clients because their use of humour in an email has been misinterpreted. Given the fact that there were 115,000 employment tribunals last year based on work disputes, often on the grounds of racial or sexual harassment, these figures are no laughing matter.
However, an employer’s duty to educate staff on what constitutes acceptable online office banter is just the tip of the iceberg. Unwise or unguarded email use is almost always the source of blame when a security breach of the company network occurs. Many employees are still reckless in the type of email they open and respond to, and this is despite the extensive media coverage on the dangers of viruses and hacking programmes. Hackers and virus writers have become increasingly sophisticated, designing and targeting messages to people based on their interests or spoofing email addresses known to the recipient. As well as the cost in terms of productivity and downtime when a virus strikes, a hacker has the potential to access and steal confidential information and intellectual property.
It is a commonly held misconception, due to the informal traditions of electronic communication, that e-mails carry less weight than letters on headed notepaper. But this is not the case. The law treats emails as ‘discoverable documents’ in exactly the same way as all other forms of written communication, and as such, just as much care and attention should be taken regarding the content of emails as with other forms of business communication.
An employee’s email address at work identifies not only the individual, but also the company. If an employee is using his work email to send inappropriate comment or material, there is always the potential for messages sent via the company address to impact negatively on the business. For instance, a company would never allow employees to use its letterhead to send out correspondence of a scandalous or personal nature – why then should it allow its email to be used in this way?
Unmonitored email leaves companies open to fraud, lawsuits, loss of confidential data, sexism, racism, pornography, not to mention reputation damage, loss of business, and decreased productivity. Quite simply, if a company does not have a clear and consistent email policy, it needs to get one.
From an internal point of view, an employer has a duty of care to protect its staff from email abuse and harassment. According to a recent DTI survey into communication practices in UK businesses, nearly a quarter of employees have suffered crossed-wires with colleagues or clients because their use of humour in an email has been misinterpreted. Given the fact that there were 115,000 employment tribunals last year based on work disputes, often on the grounds of racial or sexual harassment, these figures are no laughing matter.
However, an employer’s duty to educate staff on what constitutes acceptable online office banter is just the tip of the iceberg. Unwise or unguarded email use is almost always the source of blame when a security breach of the company network occurs. Many employees are still reckless in the type of email they open and respond to, and this is despite the extensive media coverage on the dangers of viruses and hacking programmes. Hackers and virus writers have become increasingly sophisticated, designing and targeting messages to people based on their interests or spoofing email addresses known to the recipient. As well as the cost in terms of productivity and downtime when a virus strikes, a hacker has the potential to access and steal confidential information and intellectual property.
Spotlight
The security of WordPress plugins
Posted on 18 June 2013. | Checkmarx’s research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection.
Information security executives need to be strategic thinkers
Posted on 17 June 2013. | George Baker, the Director of Information Security at Exostar, talks about the challenges in working in a dynamic threat landscape, offers tips for aspiring infosec leaders, and more.
Large orgs in denial about own security breaches?
Posted on 14 June 2013. | Over two thirds (66%) of large organizations said they either had not experienced a security incident in the last 12-18 months or were unsure if they had.
Vulnerability scanning with PureCloud
Posted on 12 June 2013. | nCircle PureCloud is a cloud-based network security scanning product built upon the companies' vulnerability and risk management system IP360.
Reactions from the security community to the NSA spying scandal
Posted on 11 June 2013. | Read on for comments on this scandal that Help Net Security received from a variety of security professionals and analysts.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
