Thursday, 07 April 2011

Security Risks in Outgoing Email Often Overlooked


The risk of employees inadvertently infecting a business's computer network with malware received through work e-mail or instant messaging is one that most companies take steps to prevent. Even companies that are small or not technically savvy have antivirus software, firewalls and other security measures to prevent costly and sometimes risky network infections. However, for all the fuss about incoming e-mail, a surprising number of companies pay little to no attention to the dangers associated with outgoing e-mail.

According to a recent survey performed by Proofpoint Inc., a California-based security company, there are potential security risks stemming from the lack of protocols for e-mails sent from company computers. Concerns such as protecting sensitive data, privacy, legal risks and inconvenience for the company have inspired many companies to put in place standards of practice for employees who send e-mail (and there are very few who do not these days), and to implement security policies on outgoing messages. Many employers are also concerned about employees posting sensitive information on blogs or message boards. The Proofpoint study, which focused on businesses in the United States and the UK that employ more than 1,000 people, gathered information on the following aspects of e-mail:

    the level of concern about outgoing e-mail content leaving large organizations
    the methods and technologies that organizations use to control or otherwise secure outgoing e-mail
    the status of message-related policy implementation and enforcement in large organizations
    the frequency of different types of rule violations and data security breaches

The 2006 study surveyed hundreds of "decision makers" from different companies, almost 40 percent of them in technical, professional, financial and government fields, who answered questions about their companies' outgoing mail policies. It turns out that many companies actually employ staff to read or otherwise check outgoing e-mail to see whether it conforms to a standard e-mail protocol. In fact, in the United States, 38 percent of companies have employees to do this job, and 46.9 percent perform regular audits of employee e-mail content. Through these activities, they estimate that more than 20 percent of outgoing e-mail in the workplace contains confidential or other internal business information. Worryingly, almost 35 percent of respondents said that their company had been negatively affected by employees exposing the wrong information by e-mail in the past year. Some companies even had non-public financial information posted online by staff.

However, companies are not the only ones that suffer from these violations. The study shows that in the past year, more than 50 percent of employers surveyed disciplined employees for violating e-mail policy. In addition, 17.3 percent took corrective action against an employee for violating blog or message board policies, and more than 7 percent actually fired employees over their outgoing messages.

With more than half of the representatives of the companies expressing concern about reducing the security risks associated with lax outgoing e-mail practices, Proofpoint suggests that companies create and implement policies to deal with the following issues:

    an acceptable use policy for e-mail, defining the appropriate use of the company e-mail system
    acceptable use policies for blog and/or message board posts
    a vulnerability audit policy, which gives the company's information security team the authority to conduct audits and risk assessments, investigate incidents, implement security policies, and monitor activities
    an acceptable encryption policy that defines the type of encryption used within the organization
    an automatically forwarded e-mail policy that governs the automatic forwarding of e-mail
    an ethics policy, defining ethical and unethical business practices, including disclosure rules, conflict of interest rules, and communication guidelines
    an information sensitivity or content classification policy, which reduces the risk of confidential information being leaked to outside parties
    a risk assessment policy that defines terms and provides authority for the information security team to identify, assess and take action on potentially risky information
    an e-mail retention policy, which sets the guidelines for the retention of data in e-mail

In addition to designing and implementing specific policies, it can also be important for companies to have in place formal employee training on such policies. Despite concerns about proper employee e-mail protocol, just a little more than half of the companies have any type of employee training to ensure policies are understood. Companies have enough to worry about with the threat of incoming e-mail. With appropriate policies, implementation and communication procedures, employers and employees alike can work to eliminate the concerns surrounding outgoing e-mail security.
