CAMBRIDGE, Mass. -- With billions of messages traversing networks on any given day, there is no doubt that e-mail is truly a killer app. Unfortunately, e-mail can also be an organization killer.
At the recent Information Systems Audit and Control Association conference, Allan Boardman, president of the group's London chapter, outlined numerous ways that e-mail can harm a business if managed improperly.
The only foolproof way to fight e-mail attacks is to educate end users about the threats. "Your best defense is an informed employee," Boardman said. "Make sure they know not to open anything suspicious and are aware of e-mail hoaxes."
Companies today must fight viruses, productivity-sapping spam, pornography and other malicious or offensive content, he said. Risks and threats include information overload, information leakage, interception and tampering with data, potential brand damage, reliability and delivery failures, and issues related to retention and destruction.
End users consider the messages intransient and a record without ownership. Senders are often impulsive and reactive. Messages are also easy to distribute across a wide population.
Though e-mail is still a prime method used for attacks on corporate networks, blended attacks -- viruses and worms coupled with spam -- are most common today. IT experts must now also be on guard for phishing, scams that trick users into sharing personal information.
Corporations today may be held liable for a variety of issues related to e-mail. These include defamation, sexual and racial harassment, copyright infringement, publication of obscene material, privacy and data protection, and some forms of negligence due to the spreading of viruses.
To avoid problems, Boardman advises IT administrators to have up-to-date e-mail policies that specify the company's right to monitor e-mail usage. He said end users should acknowledge all policies and sign off on them. Administrators should also use content filtering software and software that monitors and reports activities. Finally, there should be ongoing awareness and education about e-mail policies.