Online Exclusive: Best Practices for E-mail Security

By ALM Staff | Law Journal Newsletters | August 15, 2006

E-mail has tremendous potential to become a source of information leakage from any organization, but chief security officers are rapidly taking advantage of new technologies to stop leaks while enabling the flow of appropriate information.

'Seventy percent of corporate data lives in e-mail today,' said Rami Habal, director of product marketing for Proofpoint, in a Webinar offered last week by Proofpoint. '[In other words], it is highly available through channels such as e-mail, blogs, instant messaging, and, increasingly, through peer-to-peer networks.'

For legal as well as business reasons, review of outbound e-mail is critical, and so is encrypting outgoing messages that contain individuals' information or private corporate information. 'Legal contracts, earning releases, and many other digital assets are easily exposed now, and this can have a huge impact on a business,' said Habal.

Habal said that companies should develop e-mail security programs that have these five fundamental characteristics:

  • Accurate detection. Minimize the incidence of false positives (such as confusing a routing number with a Social Security number, which would not be allowed in an outgoing e-mail). Minimize the incidence of false negatives (for example, by making sure proprietary price information stays in-house).
  • 'Frictionless' deployment and management. Many critical functions can be automated, such as updates from software security vendors and new security protocols from the company's security department.
  • No need for inside expertise. A good vendor will keep track of federal and state regulations and adjust e-mail protocols appropriately.
  • Granularity. Ability to adjust e-mail filters for different purposes, different user groups, exceptions, etc.
  • Simplicity of use. System should be managed through point-and-click procedures.

Companies should seriously consider the consequences of ignoring e-mail problems, Habal added. According to a study done by Proofpoint last year based on some of its typical customers, an organization will average 3-5 violations per day for every 1000 employees. Assuming a 40-hour workweek and 52-week year, this amounts to more than 6200 violations per year. Given that each violation will cost an organization about $90, on average, to resolve (a number generated by privacy consulting firm Gartner and Associates), the cost of violations reaches more than $560,000 per 1000 employees per year.

'This is the fundamental question you must wrestle with,' said Habal. 'What is the cost you will incur upfront to stop these violations, or are you willing to consider them the cost of doing business?'

