Think before you send you can prevent e-mail disasters and protect confidential information by securing your systems.Shakespeare wrote, "Discretion is the better part of valor valor a rodenticide no longer marketed because of toxicity in horses causing dehydration, abdominal pain, hindlimb weakness, inappetence, fishy smell in urine. Called also N-3-pyridyl methyl N1-p-nitrophenyl urea. ," and that's no less true today than it was 400 years ago. Whether you are protecting unannounced corporate earnings or the details of your CEO's personal life, confidentiality is vital to your business and your reputation, and maintaining it can prevent a host of problems, ranging from embarrassment to a lawsuit. In the past, keeping information private wasn't complex. You simply locked your file cabinet and used a hushed tone when speaking in public. You sealed an envelope, so that it would be obvious if it had been opened. But then e-mail came along, and the game radically changed. When it comes to the exchange of information, nothing moves faster than the Internet, and e-mail has become the preferred communication tool for those who want timely delivery and response with uninterrupted work flow. We now have a fast-food mentality toward e-mail that disregards the unfortunate truth that communicating quickly is not necessarily the same as communicating effectively. Speed versus quality is an issue. There are trade-offs that come with the speed and efficiency of e-mail, the top concession being security. Digital communication and the viral nature of e-mail have taken the issue of security and privacy to a new and often dangerous realm. With our increasing dependency on e-mail as a tool for faster communication comes the need to recognize its security shortcomings A shortcoming is a character flaw. Shortcomings may also be:
The high price of failure Communication professionals are privy to a wide range of sensitive and proprietary information that, if handled inappropriately, carries a high risk of damage to the organization, not only to its reputation but also to its bottom line. A 2005 survey on computer crime and security, conducted by the U.S. Computer Security Institute and the Federal Bureau of Investigation Federal Bureau of Investigation (FBI), division of the U.S. Dept. of Justice charged with investigating all violations of federal laws except those assigned to some other federal agency. , found that the theft of proprietary information alone cost the average company US$303,234. In addition, if your company has access to individuals' personal, medical or financial data (whether it's from your customers or those of your clients), legislation such as the U.S.'s HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, (Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when ) and Sarbanes-Oxley Act See SOX. and the EU's Privacy Directive requires you to implement safeguards to ensure that information is kept confidential and secure. You've likely experienced how dangerous e-mail can be and are acutely aware of its high potential for misuse. You might even spend a fair amount of your time dealing with the crises that arise when e-mail is misused, intentionally or not. (See "The Dangers of E-mail," opposite, for some examples of e-mail horror stories.) The irony is that communication professionals, charged with the control and dissemination of information, lose all control as soon as they hit "Send." E-mail can easily spread beyond its intended recipient. The message can be forwarded, the information within cut and copied, even sent to a competitor or other unintended party. It can be plagiarized pla·gia·rize v. pla·gia·rized, pla·gia·riz·ing, pla·gia·riz·es v.tr. 1. To use and pass off (the ideas or writings of another) as one's own. 2. or used out of context. Furthermore, while traditional snail mail Mail sent via a country's government-regulated postal system. (messaging) snail mail - (Or "snailmail", "smail" from "US Mail" via "USnail"; "paper mail"). Bits of dead tree sent via the postal service as opposed to electronic mail. in a sealed envelope indicates that no one else but you has accessed the contents, sending an unprotected e-mail is like sending a postcard through cyberspace. While in transit, it is routed through and stored on multiple servers, where it can be accessed and read by people other than the designated recipient. Many organizations post a disclaimer or automatic signature saying that the e-mail is for intended recipients only, but these cannot guarantee the privacy of the information contained in a message, and they certainly can't prevent a security breach. Decreasing your vulnerabilities Companies should consider implementing an e-mail policy that educates employees about accepted practices concerning the company's e-mail system. The policy should communicate e-mail risks so employees are aware of the potential for harm. It should also outline "etiquette" for both professional and personal e-mail communication, both of which can affect a company's reputation. In addition, an e-mail policy should describe the use of e-mail resources, prohibited content, document retention policies, and the transmission and storage of confidential company information. Another way to maintain confidentiality is to use e-mail and document security software that incorporates encryption and digital rights management (DRM (1) (Digital Radio Mondiale) A digital audio broadcasting (DAB) system for AM radio in Europe. See HD Radio. (2) (Digital Rights M ) technology. Encryption is the process of scrambling the information contained within an e-mail to make it unreadable until it is unscrambled by the intended recipient. It's been around for some time, but historically only organizations with an urgent need for secrecy used it. Advances in the technology have brought encryption to the masses, however, with software that is easy to use and compatible with a variety of e-mail programs and document types. DRM protects information by letting the sender control how an e-mail may be used by the recipient. For example, the sender could prevent forwarding and editing but allow printing. He or she could set expiration dates on e-mail and documents, effectively deleting the documents from the recipient's inbox and PC at a specified date and time. In addition, the sender can set access privileges--for example, specifying that a press release only be accessible on a certain date by a particular journalist. While the underlying technology remains quite complex, communication professionals today can apply these types of protection to their e-mail and files with just one or two clicks of a "send secure" button. Encryption and DRM technology are highly effective at keeping your private information private, but it's important to note that even the most advanced digital encryption techniques can be broken or circumvented with enough motivation, time and money. With e-mail and document security software, though, you can significantly minimize your risk of information leakage Information leakage happens whenever a system that is designed to be closed to an eavesdropper reveals some information to unauthorized parties nonetheless. For example, when designing an encrypted instant messaging network, a network engineer without the capacity to crack your by safeguarding data with "persistent" protection, meaning the protection remains, no matter where the e-mail travels or is stored. Here are some guidelines for smaller companies and independent contractors interested in implementing an overall IT security plan. 1. Get regular operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. updates. No software is bug-free, and hackers exploit these bugs for a variety of reasons. Thus, it is critically important that software be updated regularly. Most operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. , firewalls and antivirus software See antivirus program. (tool) antivirus software - Programs to detect and remove computer viruses. The simplest kind scans executable files and boot blocks for a list of known viruses. include an auto-update feature that enables them to download updates as soon as they are available. 2. Install a firewall. Firewalls separate one network from another, and they are frequently used to separate an internal network from the Internet. Firewalls not only mask the identity of individual computers, they also examine and filter potentially damaging data entering or leaving the network. 3. Make sure you have antivirus protection. New malware (malicious software) programs are released each month. These include viruses, worms, Trojan horses It may never be fully completed or, depending on its its nature, it may be that it can never be completed. However, new and revised entries in the list are always welcome.
4. Insist on periodic backups. Periodic backups ensure business continuity in case of an incident such as a hard drive failure or a security attack. Data backups to an external hard drive or CD-ROM CD-ROM: see compact disc. CD-ROM in full compact disc read-only memory Type of computer storage medium that is read optically (e.g., by a laser). should occur at least once a week, and the backup data should be stored off-site in a secure location. Be sure to test your backup processes to ensure that data can indeed be restored in the event of an operational failure. 5. Use strong passwords. Passwords are used to authenticate the identity of an individual user. Unless otherwise protected, once a password is uncovered, sensitive data is exposed. With free software that is readily available on the Web, most passwords can be broken in a number of minutes. Good password security requires a combination of uppercase and lowercase letters, numbers and symbols--for example, eR8>!tJd. While these tips will help you and your company be more secure, consider getting help from an independent security consultant to assess your unique security situation and create a comprehensive security policy. The dangers of e-mail: Notable events and quotes In February, Boston attorney William Korman, feeling offended by an impertinent IMPERTINENT, practice, pleading. What does not appertain, or belong to; id est, qui ad rem non pertinet. 2. Evidence of facts which do not belong to the matter in question, is impertinent and inadmissible. e-mail received from 24-year-old job candidate Dianna Abdala, forwarded their e-mail spat to a colleague. It quickly spread throughout the Boston legal <noinclude></noinclude> Boston Legal is an American legal drama created by David E. Kelley that has aired since October 3rd, 2004. It is a spin-off of the long-running legal drama The Practice community and made its way to ABC ABC in full American Broadcasting Co. Major U.S. television network. It began when the expanding national radio network NBC split into the separate Red and Blue networks in 1928. News' Nightline. U.S. congressional hearings in February about the government's response to Hurricane Katrina  Editing of this page by unregistered or newly registered users is currently disabled due to vandalism. revealed that neither Homeland Security Noun 1. Homeland Security - the federal department that administers all matters relating to homeland securityDepartment of Homeland Security executive department - a federal department in the executive branch of the government of the United States Secretary Michael Chertoff nor Defense Secretary Donald Rumsfeld uses e-mail. CNN.com ran a story in November 2005 about the use of e-mail as fodder for litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. , citing the following examples: * In a Massachusetts class-action suit Noun 1. class-action suit - a lawsuit brought by a representative member of a large group of people on behalf of all members of the group class action over the dangers of the diet drug combination Phen-Fen, the court allowed this e-mail from a company executive to be admitted: "Do I have to look forward to spending my waning years writing checks to fat people worried about a silly lung problem?" * Chevron settled a lawsuit for US$2.2 million that involved an interoffice in·ter·of·fice adj. Transmitted or taking place between offices, especially those of a single organization: an interoffice memo; interoffice conferences. e-mail giving 25 reasons why beer is better than women. Renowned primatologist Jane Goodall, in an October 2005 interview with Forbes.com editor David Ewalt, stated, "I think e-mails are the most dangerous form of communication because people are wedded to the screen, they feel compelled to answer e-mails immediately, and they're under huge pressures with the numbers of e-mails pouring in." Sears Holdings Corp.'s vice president of public relations public relations, activities and policies used to create public interest in a person, idea, product, institution, or business establishment. By its nature, public relations is devoted to serving particular interests by presenting them to the public in the most accidentally forwarded an internal e-mail to the Chicago Sun-Times in September 2005 in which he referred to a Sun-Times columnist as a complete waste of time, without influence and totally irrelevant. The contents of the e-mail were subsequently written about by the Sun-Times and others. The web site The Register reported in April 200S that President Bush admitted he does not send personal e-mails to his daughters for fear that his "personal stuff" might end up in the public domain. Scotland's Herald reported in January 20o4 that Downing Street is replacing e-mail with sticky notes to curb embarrassing internal e-mail, an approach also adopted by the White House. Staff at No. 10 were encouraged to leave messages for each other on Post-it-style notes that can be torn up and destroyed. The move followed a barrage of highly embarrassing electronic mails written by some of Tony Blair's aides. e-mail dos and don'ts * Don't send an e-mail in anger or haste. * Don't send personal e-mail from your work account. * Do maintain current virus protection software on your PC. * Do encrypt your e-mail and/or apply rights management controls when discussing confidential or sensitive information. e-mail security shortcomings Unencrypted e-mail: All messages are sent in clear text, making intercepted messages readable to anyone. Free e-mail services (such as Hotmail and Yahoo!): Your e-mail is archived online, making it easy for hackers to crack accounts and access e-mail content. Internet Service Provider Internet service provider (ISP) Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password. (ISP (1) See in-system programmable. (2) (Internet Service Provider) An organization that provides access to the Internet. Connection to the user is provided via dial-up, ISDN, cable, DSL and T1/T3 lines. ): Although an ISP will transfer the e-mail messages you open to your hard drive, a hacker can still get access to any e-mail you have not yet opened. Ray Zambroski is the CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Essential Security Software, a provider of e-mail and document security solutions in Bellevue, Washington. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion