Email Alert
Whether it's business or personal, don't take it lightly.
Nearly everyone uses email these days. Most businesses and
households have evolved from 'snail-mail' and are now using email as their
primary form of correspondence. This explosion in e-communication has
brought tremendous benefits for marketers but also carries serious risks
and hazards. Understanding the way email works and its limitations is
essential to keeping you and your company out of all kinds of hot water.
One of the most obvious dangers facing email users is computer
viruses, for which email is the preferred method of transmission. Viruses
and other malicious software caused some $13.2 billion of damage worldwide
in 2001, according to Computer Economics, most of which was due to the
time taken to remove nuisance code and recover data.
After many high-profile computer virus scares, most people now have
up-to-date anti-virus software installed. There are other vulnerabilities,
however, which can be even more damaging and are not so easily handled
by bolt-on technology. These include the following:
- legal liabilities including defamation by an employee
- loss of time at work through misuse of email
- the disclosure of confidential or private information
- distribution of damaging or offensive material
- flooding of networks or loss of bandwidth caused by high volume emails
and large attachments.
Problems of Perception
Most of us are aware that email is inherently insecure and that it often
fails to satisfy the holy trinity of security needs - confidentiality,
integrity and availability. Without encryption and digital signatures,
you can't really be sure who an email came from or if it has been read
or altered by somebody else between sending and receiving.
In spite of this, email is often still perceived as private. People are
shocked to find that email can be so readily used as evidence in a court
of law and that it's so persistent. That sharp comment about someone,
added as an impetuous afterthought, can come back to haunt you years later.
Damaging emails also have a habit of spreading like wildfire. Witness
the case of an unfortunate London lawyer who, in a heady moment of macho
pride, forwarded an intimate email from his girlfriend to a few male colleagues.
Within 48 hours this message had been sent around half of Europe, resulting
in huge embarrassment for the company and disciplinary proceedings for
the lawyer.
More seriously, Jo Moore, special adviser to the then Transport Secretary,
Stephen Byers, brought an entire government department to a standstill
with her 'bury bad news' email on September 11th. This simple message
went on to claim the scalp of a cabinet minister and left a controversy
in its wake that was still raging nearly a year later.
If companies do not properly manage employees' use of email, they can
be held liable for anything defamatory or offensive that a rogue worker
might send. As Lars Davies, lecturer in internet law at the University
of London, noted recently, at least 85 per cent of UK businesses are liable
or potentially liable for defamation or perversion of the course of justice
because of email.
Those irritating legal disclaimers that companies now stamp on the end
of every email are pretty useless too. As one legal authority put it recently:
"There have been no cases, to my knowledge, where that disclaimer
has been effective".
Email is a prime source of evidence in legal cases, not just because
of the sheer volume of correspondence but also because it's so easy to
search for specified keywords. According to Computer Forensics of Seattle,
over 60 per cent of US civil law cases now refer to email.
Even if messages are encrypted, litigious third parties often have the
right to access this material in order to prove their case, so you may
be forced to hand over the keys. For companies that don't have a security
policy with a clearly defined email retention period, this can result
in a very costly data-recovery exercise.
When it comes to leaking company secrets, email takes a lot of beating.
Whether it happens by design or by accident, email can punch holes straight
through firewalls and evade the most high-tech perimeter security. In
July 2001, for example, someone at the pharmaceuticals giant Eli Lilly
accidentally revealed the email addresses of some 600 Prozac customers
in a routine mailer, simply by clicking CC (copy) instead of BCC (blind
copy).
Prevention is better than cure
The first step towards making sure that your business is
not caught out by a costly or embarrassing email incident is to understand
the dangers. Here is a checklist of things you can do at the corporate
level to make emailing safer:
- Train users about acceptable email usage and how to respond to security
incidents
- Install anti-virus software on email gateways and keep them updated
- Use content scanners and monitors to filter out unacceptable messages
- Maintain all software with the latest security patches
- Block or quarantine executable attachments at the mail server
- Have a sensible back-up system to recover necessary data.
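
As an added illustration (not part of the original article), the sketch below shows the kind of check a gateway content scanner can apply to each message: quarantine executable attachments, and hold mailers that expose a long recipient list in To/Cc, as in the Eli Lilly incident above. The extension list, the recipient limit and all addresses and file names are assumptions made for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed policy values for this sketch; set them from your own email policy.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs", ".js"}
MAX_VISIBLE_RECIPIENTS = 20

def gateway_findings(raw):
    """Return policy findings for one raw message as seen at the mail gateway."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # Walk every MIME part so attachments nested inside other parts are seen too.
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        # Judge by the final extension, so "invoice.pdf.exe" is still caught.
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in BLOCKED_EXT:
            findings.append(f"quarantine: executable attachment {name}")
    # Everyone on the message can read To and Cc; only Bcc keeps addresses private.
    visible = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(visible) > MAX_VISIBLE_RECIPIENTS:
        findings.append(f"hold: {len(visible)} addresses visible in To/Cc")
    return findings

def sample_message(recipient_header, attachment):
    """Build a constructed test mailer; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "news@example.com"
    msg["To"] = "news@example.com"
    msg[recipient_header] = ", ".join(f"reader{i}@example.com" for i in range(25))
    msg["Subject"] = "Monthly reminder"
    msg.set_content("Constructed sample body.")
    if attachment:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_bytes()

if __name__ == "__main__":
    print(gateway_findings(sample_message("Cc", "invoice.pdf.exe")))
    print(gateway_findings(sample_message("Bcc", "notes.rtf")))
```
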
For individual users, additional safety tips include the following:
- Re-read messages before sending to check for clarity and legal content
- Ensure that anti-virus software is installed on your computer or is
provided through the network
- Check that the anti-virus software is updated every day
- Understand how to use CC and BCC copy facilities
- Be very wary of unsolicited attachments, even from people you know
- Don't send attachments unnecessarily - put the information in the body
of the email if possible
- Where possible attach Word documents as rich text format (RTF) to
avoid script and macro viruses
- Make sure that your correspondence is backed up
- Do not take any action based on information received in an email without
first double-checking its authenticity (many people have been duped
into deleting a system file, thinking it is a virus)
- If you want to keep your email confidential and be sure who you're
talking to, use encryption or a free service like Hushmail.
All of this should be spelled out in a company security policy (see BS7799
Code of Practice) but many companies prevaricate until it's too late.
Yes, email can be harmful in a surprising number of ways, but the good
news is that with just a little time and forethought it can safely be
used as the best communication method man has yet devised. The more that
people use it safely and responsibly, the better it is for us all.
******
Author: Simon Cross
Date: First published in PMLive.com November 2002, and revised 12 April 2003.