Corporate governance is often spoken about in the industry and many "company policies" focus on this, but it is seldom enforced, which can easily lead to confidentiality leaks, most often via e-mail.
This is the view of Kevin Taskes, MD of CertifiedMail, a company that focuses on the secure delivery of confidential e-mail messages.
"Thanks to the Electronic Communications and Transactions (ECT) Act and the King II Report on Corporate Governance, executives have to pay more attention to electronic communication like e-mail and how it is used," says Taskes.
He says e-mail as a business tool is as important as the telephone, and e-mail messages are now considered valid legal documents. So how do companies enforce an e-mail policy that is in line with the ECT Act?
"You can`t trust your employees to follow the policy 100%, so in terms of confidential documents, you cannot make the encryption function user-related, you need instead to set up mechanisms to do this for you.
"Thus, you can have an intelligent piece of software such as a content filter, which will block outgoing e-mail that has specific keywords - such as 'confidential` or 'tender` - within the body. The problem with this is that sometimes the business needs to send out documents like this, so how does one get around this problem?"
Taskes says the answer is a secure mail server.
"By using the content filter to direct important documents to a secure mail server, where the e-mail then resides, one takes away the danger that would exist over a normal e-mail channel, that of the wrong people intercepting your important documents," he says.
"The message would be stored on the server and an e-mail would be sent to the user, informing them they have a message waiting. They would then log on over a secure socket layer and, after inputting a username and password, would be able to access the e-mail."
According to Taskes, one of the biggest threats to e-mail privacy in a company is its own mail administrator, who inevitably has access to all corporate documents. A system using user ID and encryption reduces the risk of an administrator or network user gaining access to it, says Taskes.
Related stories:
Corporate governance: When a nudge and a wink is no longer enough, or acceptable
Corporates need to balance e-mail policy vs employee privacy
Share
