E-mail hygiene and employee productivity issues aside, simply understanding whether Internet e-mail is being used to communicate sensitive financial data, for example -- either to legitimate external parties such as financial audit firms, or to competitors, media or other parties -- is complex and fraught with challenges.
There have been numerous cases in the media of inappropriate data being sent via Internet e-mail -- sometimes completely in error -- including confidential patient records, financial data, insider trading information and the like.
Avoiding such mishaps and breaches of compliance-related policies can involve a combination of user education, auto-signatures, content-scanning Internet gateways and auditing mechanisms; this includes the ability to report on traffic sent to and received from specific Internet domains containing certain subject keywords, message body keywords or attachments.
As a starting point, companies need to pay better attention to where their Internet e-mail is going and investigate capabilities that can respond to compliance-related investigations quickly.
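The kind of report described above (traffic to specific Internet domains that carries certain subject keywords, body keywords or attachments) can be sketched as follows. This is an added example, not code from the article; the watched domains, keyword list, function names and sample messages are all constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed policy inputs (assumptions, not values from the article).
WATCHED_DOMAINS = {"competitor.example", "press.example"}
KEYWORDS = ("quarterly results", "confidential", "forecast")

def audit_message(raw):
    """Report row for a message to a watched domain that has a keyword in
    its subject or body, or carries any attachment; otherwise None."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    headers = [str(h) for name in ("To", "Cc") for h in msg.get_all(name, [])]
    domains = {a.rpartition("@")[2].lower() for _, a in getaddresses(headers) if "@" in a}
    hits = sorted(domains & WATCHED_DOMAINS)
    if not hits:
        return None
    subject = str(msg.get("Subject", "")).lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content().lower() if part is not None else ""
    row = {
        "from": str(msg.get("From", "")),
        "domains": hits,
        "subject_keywords": [k for k in KEYWORDS if k in subject],
        "body_keywords": [k for k in KEYWORDS if k in body],
        "attachments": [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()],
    }
    flagged = row["subject_keywords"] or row["body_keywords"] or row["attachments"]
    return row if flagged else None

def build_report(raw_messages):
    """Audit a batch of raw RFC 5322 messages, keeping only flagged ones."""
    return [r for r in map(audit_message, raw_messages) if r is not None]

def sample(to, subject, body, attachment=None):
    """Build one constructed test message as raw bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "analyst@corp.example", to, subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"a,b\n1,2\n", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

SAMPLES = [  # constructed messages
    sample("auditor@auditfirm.example", "Q3 forecast", "Numbers enclosed."),
    sample("reporter@press.example", "Lunch", "See you at noon."),
    sample("Bob <bob@competitor.example>", "FYI", "Draft quarterly results.", "q3.csv"),
]
```

This sketch reads only the To and Cc headers, so Bcc recipients are invisible to it; a gateway-level control would match on the SMTP envelope recipients instead.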
E-MAIL COMPLIANCE TO DO LIST
Step 1: Establish, communicate and enforce an e-mail policy
Step 2: Get an archival solution
Step 3: Evaluate the big picture of e-mail storage
Step 4: Pay special attention to PSTs
Step 5: Establish controls and audits for distribution list/group membership
Step 6: Establish controls for mailbox security and delegation
Step 7: Establish controls for public folders
Step 8: Establish controls for Internet SMTP traffic
Step 9: Establish an e-discovery plan
Step 10: Identify and eliminate stale objects
ABOUT THE AUTHOR:
David Sengupta, Exchange expert
David Sengupta is a Product Manager in the Windows Management Group at Quest Software. He has also been a Microsoft MVP in the Exchange Server category for six consecutive years. Sengupta has contributed to various Exchange and Windows books, magazines and white papers from a number of publishers. He also frequently represents Microsoft on staff at Ask the Experts, Microsoft Experts Area and Peer Talk at conferences such as MEC and TechEd. David has an M.T.S. from Tyndale Seminary, Canada, a B.Sc. from University of Ottawa, Canada and MCSE (Messaging) and CCA certifications. David runs a blog on Microsoft Exchange and e-mail compliance issues at http://p0stmaster.blogspot.com and can be reached at email@example.com.