News Stay informed about the latest enterprise technology news and product updates.

E-mail policies set the bar

Formally explaining a company e-mail policy to users can help organizations avoid hearing the dreaded "I didn't know!" excuse.

CAMBRIDGE, Mass. -- With billions of messages traversing networks on any given day, there is no doubt that e-mail is truly a killer app. Unfortunately, e-mail can also be an organization killer.

At the recent Information Systems Audit and Control Association conference, Allan Boardman, president of the group's London chapter, outlined numerous ways that e-mail can harm a business if managed improperly.

The only fool proof way to fight e-mail attacks is to educate end users about the threats. "Your best defense is an informed employee," Boardman said. "Make sure they know not to open anything suspicious and are aware of e-mail hoaxes."

Companies today must fight viruses, productivity-sapping spam, pornography and other malicious or offensive content, he said. Risks and threats include information overload, information leakage, interception and tampering with data, potential brand damage, reliability and delivery failures and issues related to retention and destruction, he said.

Boardman said

For more information

See how to combat e-mail viruses

Check out the Best Web Links on security policy management

there is a disconnect between end users' perception of e-mail and the realities it represents. "People see it as casual communication, but a lot of companies now see it as a formal communication," he said.

End users consider the messages intransient and a record without ownership. Senders are often impulsive and reactive. Messages are also easy to distribute across a wide population.

Though e-mail is still a prime method used for attacks on corporate networks, blended attacks -- viruses and worms coupled with spam -- are most common today. IT experts must now also be on guard for phishing, which are scams that trick users into sharing personal information.

Corporations today may be held liable for a variety of issues that are related to e-mail. Topics range from defamation, sexual and racial harassment, copyright infringement, publication of obscene material, privacy and data protection and some forms of negligence due to the spreading of viruses.

To avoid problems, Boardman advises IT administrators to have up-to-date e-mail policies that include specifying the company's right to monitor e-mail usage. He said end users should acknowledge all policies and sign off on them. They should use content filtering software and software that monitors and reports activities. Finally, there should be ongoing awareness and education about e-mail policies.

Dig Deeper on Exchange Server setup and troubleshooting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.