E-Mail Can Jeopardize Company Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

05:13 PM

E-Mail Can Jeopardize Company Security

Jolly Technologies, a California software maker, reported earlier this month that an employee at its recently launched research-and-development center in Mumbai, India, stole portions of its source code and proprietary design documents. The insider allegedly used her free Yahoo E-mail account to upload and send the files from the research facility, according to a company statement. Last year, the Office of the Comptroller of the Currency fined two former banking employees of Grand Valley National Bank for violating privacy provisions of the Gramm-Leach-Bliley Act by E-mailing confidential loan files to an unauthorized third party.

Inside Surveillance bar chartE-mail-based virus attacks might threaten business operations and managing spam can drain productivity, but inappropriate employee use of E-mail can place intellectual property at risk and potentially open businesses to lawsuits.

While a majority of companies provide their personnel with guidelines on the appropriate use of E-mail, few actually monitor the content of E-mail communications. And this poses a security risk.

How big of a risk? The Computer Security Institute/FBI 2003 Computer Crime and Security Survey found that of 488 companies surveyed, 77% suspect a disgruntled employee as the source of a security breach. It also reveals that one in five sites suffered some type of theft of proprietary information. Losses attributed to the theft of intellectual property cost U.S. businesses an estimated $70 million last year.

As more employees and companies are fined or face other penalties for violating regulations such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act, expect to see increased use of enterprise digital-rights-management software and E-mail monitoring. Companies also likely will lock down the capabilities to copy information to recordable DVDs, CDs, and USB storage devices as cases such as Jolly Technologies' surface.

What's the best deterrent against the loss of intellectual property? Share your recommendations with us at the address below.

George V. Hulme
Senior Editor
[email protected]

Message Screening pie chartMessage Screening

Is the content of your company's outbound E-mail messages monitored?

Despite the possible threat that E-mail poses to intellectual property, companies generally lack safeguards to ensure against loss. Less than a quarter of the 3,171 U.S. companies in InformationWeek Research's 2004 Global Information Security Survey monitor the content of their companies' outbound E-mail messages. This constitutes a weakness in companies' security practices.

Policy CoveragePolicy Coverage

Is appropriate use of E-mail and the Web part of your company's security policy?

Although outbound E-mails are generally going unmonitored, this doesn't mean that companies aren't recognizing the potential risk that E-mail poses to company confidentiality. Three-quarters of sites in InformationWeek Research's 2004 Global Information Security Survey cover the appropriate use of E-mail in their security policies. By comparison, only 55% include appropriate use of the Web.

Company Guideline pie chartCompany Guidelines

Does your company have in place customer data-privacy safeguards that inform employees of privacy and behavior standards?

Security policies aren't the only way companies are ensuring that proprietary information remains safe. The Federal Trade Commission released a survey in September reporting that 27.3 million Americans were victims of identity theft in the last five years--4.6% of the U.S. population. To ensure the protection of customer privacy, three-quarters of sites in InformationWeek Research's security survey say they provide employees with company privacy and behavior standards.

Who's To Blame bar chartWho's To Blame?

Whom do you suspect as the source of security breaches in the past year?

Disgruntled employees aren't the only threat to business operations. Former employees also pose a threat to computer-based operations. According to our information-security study, companies have had their share of security problems caused by employees. Of 1,115 U.S. sites reporting a security breach in the past year, 30% suspect unauthorized employees as being behind the incident, 17% suspect authorized workers, and 15% former employees.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Data Science Salary Survey Reveals Market Shift
Jessica Davis, Senior Editor, Enterprise Apps,  6/27/2019
A Practical Guide to DevOps: It's Not that Scary
Cathleen Gagne, Managing Editor, InformationWeek,  7/5/2019
How to Land a Job in Cloud Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/19/2019
Register for InformationWeek Newsletters
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll