Security Risks in Outgoing Email Often Overlooked

Posted on July 11, 2008

The threat of an employee inadvertently infecting a business computer network via malware received through a work email or instant message is one that most businesses have taken steps to prevent. Even businesses that are small or not very technically savvy have antivirus software, firewalls, and other security measures in place to prevent the costly and sometimes risky issue of an infected network. However, with all the fuss about incoming email, a surprising number of businesses pay little to no attention to the dangers associated with outbound email.

According to a recent study performed by Proofpoint Inc., a California-based security company, possible security risks that stem from lack of protocol related to emails sent from company computers. Concerns such as protection of sensitive data, privacy, legal risks, and embarrassment to the company have inspired many businesses to put in place standards of practice for employees who send email (and there are very few who dont these days) and to enforce security policies on outgoing messages. Many employers are also concerned about employees posting sensitive information on blogs or message boards. The Proofpoint Inc. study, which focused on businesses in the United States and the United Kingdom that employ more than 1,000 people, gathered information on the following aspects of email security:

  1. The level of concern about outgoing email content leaving large organizations
  2. The methods and technologies those organizations have used to control or otherwise secure outgoing emails
  3. The state of messaging-related policy implementation and enforcement in large organizations
  4. The frequency of various types of policy violations and data security breaches
The 2006 study drew from surveys of several hundred decision makers from different companies, almost 40 percent of which were in technical, professional, financial, or government fields, who answered questions about their companies outgoing email policies. It turns out that many companies actually hire employees to read or check outgoing email to see that it fits standard email protocol. In fact, in the U.S., 38 percent of companies have employees to do this job, and 46.9 percent perform regular audits on employee email content. Through these actions, they have estimated that over 20 percent of outgoing workplace emails contain confidential or other internal business information. Disturbingly, almost 35 percent of those surveyed claim their company was negatively affected by the wrong information leaving via employee email in the past year. Some companies have even had non-public financial information posted online by employees.

However, the companies are not the only ones that suffer from these breaches. The study shows that in the past year, over 50 percent of the employers surveyed disciplined employees for violating email policies. Additionally, 17.3 percent took corrective action over employee violation of blog or message board policy, and more than 7 percent actually fired an employee for their outbound messaging actions.

With more than half of the company representatives voicing concern over the reduction of security risks associated with lax outgoing email practices, Proofpoint suggests that companies create and implement policies dealing with the following issues:
  1. An acceptable use policy for email, defining appropriate uses for company email systems
  2. An acceptable use policy for blog and/or message board postings
  3. An audit vulnerability scanning policy, which gives the companys information security team the authority to conduct audits and risk assessments, investigate incidents, enforce security policies, and monitor activity
  4. An acceptable encryption policy that defines types of encryption used within the organization
  5. An automatically forwarded email policy that governs the automatic forwarding of email
  6. An ethics policy, defining ethical and unethical business practices, including disclosure rules, conflict of interest rules, and communication guidelines
  7. An information sensitivity policy or content classification policy, which reduces the risk of confidential information being leaked to outside parties
  8. A risk assessment policy that defines requirements and provides authority for the information security team to identify, assess and take action on possibly risky information
  9. An email retention policy that defines guidelines for retaining information in an email
In addition to the creation and implementation of specific policies, it may also be important for companies to have in place formal employee training on said policies. Despite the concern about proper employee email protocol, only a little more than half the companies had in place any form of employee training to make sure the policies were understood. Companies have enough to worry about with the threats of incoming email. With the proper policies, enforcement, and communication procedure, employers and employees alike can work to eliminate the concerns surrounding outgoing email security.

http://home.stopsign.com

Email in Business - Private Email Is A Myth
Email has become vital to business communication and operations. Today, more than 90 per cent of workers cannot function as effectively, or at all, wi...

Computer Security Precautions To Take When You Are Away
A strange computer or a public computer away from the office or your home, automatically makes you very vulnerable to any deadly attack and the spywar...

Tips to Implementing Your Security Policy
Implementing a security policy is often viewed as a one-week, one-man project. Decision makers do not view security policies as ongoing projects, suc...

Ten Most Significant Risks and Costs of Unethical Behavior in Business
The business world has been shocked and rocked by major corporate scandals involving unethical behavior. The real poster companies of ethics violatio...

Secure Yourself In The Growing Career Of Computer Network Security
We have all heard stories on the news about email viruses wreaking havoc on computer systems. To keep computer systems in top performance you will ne...

IT Security ROI Could Be Dramatic
There are several methods that can be used to recover investment for security in IT. This area has been explored by many industries, and ignored by so...

Is Your Computer Being Spied On?
The best way to find out whether your computer is infested with spy-ware, ad-ware, dialers, and all of the other fun programs is to use a tool to clea...

The Dangers Of Unsolicited Email
There are many simple truths in today's world, and one of them is that if you have an email address then you've received spam. Spam is the common wor...

Home Computer Security
Home computers are a favorite target for intruders. This is because home computers are normally not very secure and are easy to attack. With high spee...

Fight Identity Theft With Computer Security
Identity theft is a fast growing crime around the world and a large part of this is online identity theft. In this article we are going to look at som...

How to Protect Yourself From Computer Identity Theft
The FTC estimates that over nine million Americans have their identities stolen each year. This crime has a huge potential to disrupt your life, you m...

You’ve Got Mail - Or Spam
For far too many people this little canned voice is nothing but a harbinger of bad things to come. If your system has been targeted by one of the hund...

Do You Need Home School Diploma Templates?
Are you looking for home school diploma templates? Well, you are doing the right thing by wanting to present your child with a diploma to recognize th...

The Top 7 Threats To Your Computer in 2007
Now that the holidays are behind us, the cost-conscious among us will be looking for those "post-holiday" deals that are even better than the holiday ...

Beware of e-Greeting Cards - The Newest Spyware Threat
Be very careful about opening emailed greeting cards, as many are now known to contain dangerous spyware. Originally developed as a means for spouses...

» Filed Under RSS Feed Icon Network Security Information

    Ads