Controlling outbound e-mail

* Inbound e-mail is not the only security risk

OK, so you have good protection against inbound e-mail carrying viruses, worms, phishing attacks, scams and unwanted content in general. But what about controlling the enormous potential for data leakage and damage to your organization's reputation represented by outbound e-mail?

In my last column, I mentioned some of the factors to consider in controlling inbound e-mail and principles of performance management for any system. Today I’m pointing to a white paper from Osterman Research commissioned by Permessa in 2007 and entitled, “Why Your Organization Needs to Focus on Outbound Content.” 

The authors point out that about half as many midsized and large organizations have outbound e-mail controls as have inbound e-mail controls. Losing control over confidential information, they note, can cost organizations enormous sums in public relations costs and penalties for violating regulations and laws pertaining to personally identifiable information. Uncontrolled e-mail is a channel for data leakage of intellectual property such as trade secrets or strategically important competitive information.

Circulation of offensive e-mails _within_ the organization can have serious consequences; the authors cite cases in which “Chevron Oil settled a sexual harassment lawsuit for $2.2 million after four women received offensive e-mail from a fellow employee. Morgan Stanley settled a $60 million lawsuit filed by two employees after they received racist jokes sent through the company’s e-mail system.”Permessa provides a number of data sheets on several software products for controlling outbound e-mail. For example, its Email Control Enforcer and Email Control Premium products run on IBM Lotus/Notes Domino e-mail systems; Email Control Enterprise for Microsoft Exchange runs on Microsoft Exchange e-mail systems.

For more information about outbound e-mail control, see Andrew Wolff’s excellent overview published in 2006. For a collection of my own columns looking at e-mail policies, see my white paper, “Using E-mail Safely and Well.” 

[Disclaimer: I have no financial or other relations to any of the organizations named in this article.]

Learn more about this topic

 
Insider Shootout: Best security tools for small business
Join the discussion
Be the first to comment on this article. Our Commenting Policies