Some companies lull themselves into a false sense of security upon installing a firewall. This is a wise step to protect their intranet, but it is not enough: Firewalls prevent network access by unauthorized users. But they do not check the content of mail being sent and received by those authorized to use the system, for instance. More targeted measures are needed to counteract this and other security loopholes in a corporate network.
Information leaks
Organizations often fail to acknowledge that there is a greater risk of crucial data being stolen from within the company rather than from outside. Various studies have shown how employees use email to send out confidential corporate information. Be it because they are disgruntled and revengeful, or because they fail to realize the potentially harmful impact of such a practice, employees use email to share sensitive data that was officially intended to remain in-house.
FBI statistics, for example, reveal that among Fortune 500 companies, most data thefts in 1998 were by internal users. Again, research results carried in PC Week in March 1999 report that, out of 800 workers surveyed, 21-31% admitted to sending confidential information - like financial or product data - to recipients outside the company by email. Ten per cent of those surveyed disclosed that they had received email containing company-confidential information.
Malicious or offensive content
Emails carrying sensitive information, or unsolicited mail messages sent out by corporate users are not the only problem a company has to tackle with regard to employees' email use. Emails sent by staff containing racist, sexist or other offensive material could prove equally troublesome, not to mention embarrassing - and expensive!
This factor hit the headlines during the much-publicized antitrust case against Microsoft Corp., when the US government presented as evidence the contents of emails written by top Microsoft executives describing plans to topple competitors. On a similar note, Chevron recently had to pay $2.2 million to settle a lawsuit resulting from an email message bearing sexist contents.
Under British law, employers are held responsible for emails written by employees in the course of their employment, whether or not the employer consented to the mail. The insurance company Norwich Union was asked to pay $450,000 in an out-of-court settlement as a result of emailed comments relating to competition.
Besides, offensive emails can cause considerable damage to the work environment simply by generating an unpleasant, hostile or unprofessional atmosphere.
Viruses
Viruses are a major email security hazard that companies simply cannot afford to ignore. Over 11,000 different computer viruses exist to date and some 300 new ones are created each month. Their effects range from negligible to bothersome to destructive.
The extent of the problem is so great that today many companies have even begun to prohibit the use of email attachments, as this is where viruses are often embedded. Unless forewarned, users are generally unaware that they have received a virus until they open the infected attachment. By this time, it is too late: the virus is activated and starts to take over, completely infecting the hard drive and the messaging network.
The danger of viruses transmitted through macros, another common form of virus transmission, is that they allow the user to continue working and sharing documents. This way, the virus spreads faster, infecting more and more users. One such macro virus, known as Melissa, reared its ugly head on March 26, 1999. Melissa forced organizations the world over - among them Microsoft and Intel - to suspend all email transactions. This may well have been an effective response to the new viral onslaught, when timely action was taken - but it also signified incalculable productivity loss, despite stemming data loss. As a result, Melissa left a huge dent in corporate coffers: "It is responsible for millions of dollars worth of damage", an April 1999 issue of InfoWorld reported.
Other fiercely destructive viruses followed fast on Melissa's trail, such as the Chernobyl (CIH) virus and the Explore Worm, both of which wipe out files, resulting in data loss. Again, companies like Microsoft, Intel, Boeing and Forrester Research were reported in the press as having shut down their mail servers when hit by the Explore Worm outbreak in June 1999. And, as if all this were not enough, anti-virus researchers predict that more damaging email viruses are yet to come.
Spam
About 90 per cent of email users receive spam - or unsolicited commercial mail - at least once a week, a survey conducted by the Gartner Group shows. The research results, issued in June 1999, revealed that almost half those surveyed were spammed six or more times a week. The study surveyed 13,000 email users.
Although the U.S. Congress and state legislatures are seeking to ban spam, and the Federal Trade Commission sues spammers whose junk mail deceives consumers, unwanted mail is on the increase. As well as consuming bandwidth and slowing down email systems, spam is a frustrating time-waster, forcing employees to sift through and delete mounds of junk mail. It also proves irritating and offensive to recipients who feel their privacy has been invaded.
However, there is a third aspect to spam: it constitutes a security hazard. Spammers can use a corporate mail server to send out their unsolicited messages, often bringing trouble upon the unwitting organization. Virgin Net recently underwent such an experience when one of its subscribers apparently used its network to send out 250,000 junk messages. As a result of this individual's actions, Virgin Net was put onto the Real-time Blackhole List (RBL), an undesirable listing which leads other ISPs to reject mail coming from that company.


