Exposure of confidential data via e-mail a very real risk for businesses
Surveys show that companies are becoming increasingly concerned about data loss and exposure of confidential information through e-mail. And rightly so, says Richard Broeke, an IT security expert at Securicom. Research indicates that at least 22% of companies have experienced an accidental or malicious leak of sensitive or confidential information by employees through e-mail in the past 12 months.
Citing research by Osterman Research, Broeke says: "About one in five companies experience some form of data loss through e-mail each year. While external threats cause more pressure and receive more focus from IT departments from a security point of view, 48% of respondents in Osterman Research's survey said that employee accidents, non-malicious mishaps and deliberate data leakage also put them under pressure.
"It is easy to understand why. Users can inadvertently send content that violates data breach laws, such as sending sensitive content without encryption, resulting in significant penalties, notification requirements, sanctions and other consequences," he says.
Various pieces of legislation oblige businesses to protect and appropriately manage sensitive information, and companies can be held legally liable for non-compliance. Legalities aside, e-mail abuse can have a devastating effect on corporate reputation.
For the most part, leaks of sensitive information can be put down to employee accidents. However, companies need to bear in mind the risk of a disgruntled employee deliberately exposing or stealing confidential information.
These internal threats, whether accidental or intentional, make e-mail content filtering a corporate priority. Filtering helps prevent breaches of confidentiality that could put the company in contravention of the compliance regulations of its industry. It also helps ensure that e-mail communication remains free of inappropriate material that could harm an organisation's reputation and its relationships with its clients, suppliers and employees.
Content filtering involves using technology to scan incoming and outgoing mail for malicious code and questionable material that doesn't meet a company's acceptable use policy. E-mail content management systems have evolved significantly in recent years. While some are dedicated solely to content filtering, others now offer a range of capabilities including spam filtering, anti-virus and anti-phishing.
"Content management systems are a very powerful tool for enforcing email usage policies and for monitoring and controlling the nature of information flowing in and out of a corporate network. Systems can be configured according to an organisation's specific rule-set, and any email that over-steps the lines is immediately stopped," says Broeke.
While technology is the only way to effectively control how and for what purpose employees utilise company resources like e-mail, education remains paramount in preventing the compromise of company data.
"Companies need to educate their employees about using email responsibly and inform them of risks like phishing and social engineering. All companies also should have a comprehensive e-mail usage policy in place which makes official the organisation's rules and restrictions on email usage. Every employee should be aware of the rules, and understand that there are consequences for the contravention thereof. An e-mail usage policy offers businesses some protection from liability arising from a breach of confidential information because the existence of an e-mail policy is proof that the company had in fact taken steps to discourage and prevent the inappropriate use of the company's email system.
"Implementing an email policy is particularly advised for businesses that use, or intend to use, content filtering software to check the content of their employees' e-mails. Employees would have to be made aware that their e-mails are being monitored," advises Broeke.