Skip Links

Controlling outbound e-mail

Inbound e-mail is not the only security risk

Security Strategies Alert By M. E. Kabay, Network World
January 10, 2008 12:05 AM ET
Sign up for this newsletter now!

The long view of security strategies for your network.

OK, so you have good protection against inbound e-mail carrying viruses, worms, phishing attacks, scams and unwanted content in general. But what about controlling the enormous potential for data leakage and damage to your organization's reputation represented by outbound e-mail?

In my last column, I mentioned some of the factors to consider in controlling inbound e-mail and principles of performance management for any system. Today I’m pointing to a white paper from Osterman Research commissioned by Permessa in 2007 and entitled, “Why Your Organization Needs to Focus on Outbound Content.” 

The authors point out that about half as many midsized and large organizations have outbound e-mail controls as have inbound e-mail controls. Losing control over confidential information, they note, can cost organizations enormous sums in public relations costs and penalties for violating regulations and laws pertaining to personally identifiable information. Uncontrolled e-mail is a channel for data leakage of intellectual property such as trade secrets or strategically important competitive information.

Circulation of offensive e-mails _within_ the organization can have serious consequences; the authors cite cases in which “Chevron Oil settled a sexual harassment lawsuit for $2.2 million after four women received offensive e-mail from a fellow employee. Morgan Stanley settled a $60 million lawsuit filed by two employees after they received racist jokes sent through the company’s e-mail system.”

Permessa provides a number of data sheets on several software products for controlling outbound e-mail. For example, its Email Control Enforcer and Email Control Premium products run on IBM Lotus/Notes Domino e-mail systems; Email Control Enterprise for Microsoft Exchange runs on Microsoft Exchange e-mail systems.

For more information about outbound e-mail control, see Andrew Wolff’s excellent overview published in 2006. For a collection of my own columns looking at e-mail policies, see my white paper, “Using E-mail Safely and Well.” 

[Disclaimer: I have no financial or other relations to any of the organizations named in this article.]

Read more about security in Network World's Security section.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News