• Investment World
• eWorld
• Catalyst
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest

Neil Hymans

Neil Hymans on the safety issues when using e-mail

CONSIDER this: On March 13, 2001, the CEO of American health-care software giant Cerner Corporation e-mails 400 managers, expressing fiery dissatisfaction with staff performance. By March 21, the e-mail is circulating on the Internet. After a further three days, Cerner's share price has plummeted by 22 per cent, analysts are warning that the company is off the rails and the CEO is fighting to hold on to his job.

Whether you use e-mail within a corporate network or over a dial-up Internet connection, it is critical to understand that e-mail messages leave trails as they move from the sender's computer to the recipient's. Each and every message — no matter how trivial — is routed through computers known as e-mail servers. Even an e-mail to your colleague in the next office will certainly pass through one or more servers.

As long as an organisation is performing regular backups of its servers, messages can be recovered long after both sender and recipient have deleted them from their own computers. With e-mail, it is never safe to assume that a message nolonger exists.

Everything you say can and will be used against you... The courts have long regarded email as admissible evidence, as long as its authenticity can be proved. In the wake of corporate debacles such as Enron, WorldCorn and those closer to home, millions of dollars are being spent on the forensic examination of email records to produce 'smoking guns'.

Override security in a click: Responsible enterprises take data security very seriously. Computer users are generally required to login with a username and password before they can access corporate information resources. They may need to go through further authentication steps to access email and files on network servers.

However, if your organisation is connected to the Internet (as the vast majority now are), defeating this security is as easy as simply clicking on the 'Forward' button on your email software. And regardless of how many passwords are needed to access a highly confidential document, the information can instantly enter the public domain as an attachment to an outgoing email message - and this is something that few organisations even attempt to control.

What's more, once sensitive information leaves your organisation's trusted domain, you forfeit all control over its subsequent distribution. Many high-profile personalities can attest to the potency of this risk.

Before the advent of e-mail, breaching corporate confidentiality required both malicious intent and effort. These days it requires neither. In fact, the accidental circulation of confidential material is remarkably common — all it takes is a wrong name in the `To' box when addressing a message. The cold comfort is that it is now much easier to trace the source of such breaches.

Keeping out of trouble: E-mail is a remarkably convenient medium for moving information quickly — but it is not without risk. Here are a few strategies for managing that risk to ensure you don't become a case study.

Stay on the record: Given the enduring nature of email and the ease with which it can be circulated, it makes sense to restrict its use to communications that are neither sensitive nor controversial.

The definition of sensitivity obviously differs in every organisation, but if in doubt, ask yourself this question: how damaging would it be if a competitor received this email? Or the lawyer of a recently dismissed employee?

Find alternatives to e-mail: Much of the communication currently conducted via email is more appropriately accomplished by other means — and often far more productively. For example, as a practical alternative to distributing sensitive files as email attachments, you should consider including network or intranet links to them within your e-mail messages.

Internet mail — even more vulnerable: Although internal corporate email systems can be protected reasonably well from external eavesdroppers, the same cannot be said of Internet mail. Based on a technical protocol that is old by Internet standards, Internet mail is transmitted in plain text and poses almost no challenge for a moderately skilled hacker. This is of particular importance to any business relying on the Internet for the external distribution of e-mail.

Fortunately, e-mail encryption tools offer an extremely effective solution. PGP (Pretty Good Privacy) is the best known of these and is free of charge for private use (visit www.pgpi.org) . Using mail encryption requires technical knowledge but the result is highly secure email.

Eliminate risks, reap rewards: It is estimated that e-mail now carries between a quarter and a third of all business communications. Considering the vital role that e-mail has come to occupy, it is remarkable that there is so little appreciation of just how exposed it is as a communication medium.

In business, the cost of getting it wrong can be heavy indeed. Aside from that embarrassment caused by the public airing of confidential information, inappropriate disclosures can jeopardise market credibility and even erode competitive positions that may have taken years to build. And it can happen with breathtaking speed and ease.

You cannot hope to eliminate all the risks involved with using this medium but, with education, you can certainly reduce them to manageable proportions.

(Edited extracts from CA Charter, a journal of the Institute of Chartered Accounts in Australia. www.icaa.org.au)

Article E-Mail :: Comment :: Syndication

Stories in this Section
What happens if you bought a stolen car?

Copyright © 2003, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line