Article

E-mail policies set the bar

Margie Semilof

CAMBRIDGE, Mass. -- With billions of messages traversing networks on any given day, there is no doubt that e-mail is truly a killer app. Unfortunately, e-mail can also be an organization killer.

At the recent Information Systems Audit and Control Association conference, Allan Boardman, president of the group's London chapter, outlined numerous ways that e-mail can harm a business if managed improperly.

The only fool proof way to fight e-mail attacks is to educate end users about the threats. "Your best defense is an informed employee," Boardman said. "Make sure they know not to open anything suspicious and are aware of e-mail hoaxes."

Companies today must fight viruses, productivity-sapping spam, pornography and other malicious or offensive content, he said. Risks and threats include information overload, information leakage, interception and tampering with data, potential brand damage, reliability and delivery failures and issues related to retention and destruction, he said.

Boardman said

    Requires Free Membership to View

For more information

See how to combat e-mail viruses

Check out the Best Web Links on security policy management

there is a disconnect between end users' perception of e-mail and the realities it represents. "People see it as casual communication, but a lot of companies now see it as a formal communication," he said.

End users consider the messages intransient and a record without ownership. Senders are often impulsive and reactive. Messages are also easy to distribute across a wide population.

Though e-mail is still a prime method used for attacks on corporate networks, blended attacks -- viruses and worms coupled with spam -- are most common today. IT experts must now also be on guard for phishing, which are scams that trick users into sharing personal information.

Corporations today may be held liable for a variety of issues that are related to e-mail. Topics range from defamation, sexual and racial harassment, copyright infringement, publication of obscene material, privacy and data protection and some forms of negligence due to the spreading of viruses.

To avoid problems, Boardman advises IT administrators to have up-to-date e-mail policies that include specifying the company's right to monitor e-mail usage. He said end users should acknowledge all policies and sign off on them. They should use content filtering software and software that monitors and reports activities. Finally, there should be ongoing awareness and education about e-mail policies.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: