The Threat Within - Why Businesses Need To Manage And Monitor Employee Email Usage
by Jamie Cowper - Senior Technical Consultant, Mirapoint - Monday, 14 February 2005.
It is hardly surprising then that employers frequently cite their staff as the biggest security risk to their business. Undoubtedly, the only way a company can prevent malicious, offensive or confidential information being transmitted across its network is by invoking the company’s ownership of email rights to monitor mail and enforce a consistent and coherent email policy.

Not only should such a policy be clearly articulated to each and every employee, but should also exist as a ‘contract’ that employees have to sign up to. In this way, everybody in a company should be made explicitly aware of the penalties for email misuse. Education on its own has proved to be ineffective in curbing inappropriate emails – there also has to be an element of compulsion if the policy is to be taken seriously.

In addition, an effective email policy not only needs to be enforced, but also regularly updated. Phishing scams and virus writers are constantly deploying new means of attack. Employees need to be constantly kept abreast of all potential threats and informed as to how they should respond and the level of care they are expected to deploy.

Email has become an integral part of business communication and can continue to be of enormous benefit provided the necessary safeguards are met. But companies can no longer turn a blind eye to the security indiscretions of their staff. They must accept ownership and liability for all the information sent across their company networks. Only when companies stop burying their heads in the sand, and define and enforce clear email policies, will the upward trend in security breaches and email-related harassment lawsuits be reversed.


How security pros deal with cybercrime extortion

1 in 3 security professionals recommend negotiating with cybercriminals for the return of stolen data or the restoration of encrypted files. 86% of security professionals believed their peers at other organizations have brokered deals with cybercriminals.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Apr 1st