E-mail managers have a lot at stake. After all, the volume of global electronic messages sent via e-mail dwarfs all other forms of electronic communication, including social networking. Since the inception of electronic mail, which, according to some Internet historians, can be traced to a small mainframe app called 'MAILBOX' from the mid-1960s, human-to-human messages have been created, transmitted and stored in electronic format. But early e-mail administrators could hardly have envisioned the complexity of current e-mail infrastructure and the concomitant maze of technical, security, business and regulatory challenges.Here are five common mistakes made by e-mail managers, and how to avoid them by developing and implementing your own action plan.
Mistake 1: Pigeonholing E-Mail as Just an IT Function
Business managers know they have a working mail server and trusted individuals to maintain it. Box checked -- or is it? The mail administrator on the IT side is charged with keeping the mail server operational, performing backups, patching servers, supporting users and all the other technical and security details that attach to mail server administration.But these functions represent just one of the many elements necessary to achieve fully effective e-mail management.
Corporate espionage is on the rise. According to a recent report by the U.S. Office of the National Counterintelligence Executive, "The pace of foreign economic collection and industrial espionage activities against major U.S. corporations and U.S. government agencies is accelerating." E-mail has been identified as a primary means of leaking corporate secrets.
In a relatively small number of cases, security breaches are intentionally committed by individuals with malicious intent, but devastating security leaks can also occur quite innocently in organizations where policies, procedures and defense mechanisms are weak or nonexistent.
Despite the fact that high-profile data thefts are made public almost daily, research shows that many e-mail managers do not have adequate measures in place to protect against "exfiltration" of sensitive data. In a recent eMedia survey commissioned by Mimecast, a staggering 94 percent of network managers said they had no mechanisms in place to prevent confidential information leaving their network. Clearly there is a greater need for vigilance
As it pertains to e-mail, Data Loss Prevention (DLP) can be accomplished by inspecting and analyzing outbound email traffic (data in motion) through a variety of hardware and software-based technology solutions, combined with non-technology-based DLP policies. Several DLP solutions are built to extend common firewall platforms. A good DLP solution can also address regulatory compliance as an added bonus.
The take-away here is two-pronged - setting and maintaining corporate-wide data loss prevention policies and deploying DLP mechanisms - is a must.
Action Plan
1. E-mail policy administration should have buy-in from top management and be enforced at all levels.
2. Research, then implement appropriate company-wide DLP.
3. Create and enforce "acceptable-use" policies. For example, spell out whether users can check their personal e-mail using work computers and whether they can use their work e-mail for personal online business.
4. Educate employees and make sure they understand that compliance with e-mail policies is mandatory.
Another area of e-mail management that frequently falls outside the purview of the IT department is regulatory compliance and data retention. There are a number of regulatory requirements that can affect e-mail policymaking.
For instance, health organizations may need to establish point-to-point email security to meet Health Insurance Portability and Accountability Act (HIPAA) requirements. Failure to adequately address policy and regulatory issues can subject an organization to fines or administrative penalties, and weak or nonexistent e-mail policies may expose the company's intellectual property or sensitive customer data to undue risks.
(...)
Read more on PCWorld.com - 5 Common E-Mail Management Mistakes
No comments:
Post a Comment