Assess e-info vulnerabilities

3. Do we have an archive of critical electronic messages?
An archive of corroborating documentation is essential today for legal compliance and litigation reasons. You must know if the IT system maintains an audit trail of incoming, outgoing, and internal electronic correspondences. Lawsuits can tarnish a business' reputation -- long-term, this could affect investor relations and erode stock value or undermine strategic business alliances. A negative image could even harm your company's ability to recruit top-notch employees, derailing future growth.

In heavily regulated industries like finance and healthcare, failure to provide extensive documentation on demand can result in extremely stiff fines and potential jail time.

Archiving business e-mails to a database is one part of the solution. Recording and storing specific incoming, outgoing, and internal e-mails by user, group, or domain makes it easy to retrieve and review corroborating documents when needed.

"If a computer crime was found in your company, is it possible to absolutely prove to the court, media, and stockholders who committed the crime?" noted Sherizen. If the answer is no, your information security experts need to beef up your user identification and authentication methods as well. Sherizen suggests there are a number of biometric authentication tools (fingerprint and/or iris scan, voice recognition, etc.) and authorisation control technology packages that are worth investigating.

4. What's in place to stop malicious attacks?
Just because an attack hasn't happened yet doesn't mean it won't. You need to know if, and what, steps are being taken to prevent viruses from contaminating or destroying your company's electronic data, whether initiated from external, internal, or remote sources.

Sherizen said, "IT security people need to keep abreast of what's happening in information security in their industry. Look at the kinds of attacks that have occurred, and learn about the kinds of approaches being implemented to prevent or detect security breaches." Also, IT security staff should be conducting ongoing evaluation of the latest e-information security techniques and tools, weighing the cost of implementing various strategies against corporate objectives.

On the most basic level, any IT system must be able to detect and block viruses. A number of tools on the market today can countermand intrusions by name pattern, file type, structure, or fingerprint.

"Management may have to make some strategic tradeoff decisions as to what's appropriate and what's not," said Sherizen. Limiting access to certain information may reduce the risk of security breaches. On the other hand, instituting restrictive roadblocks to sensitive information may hamper your company's agility to pursue unexpected business opportunities.

5. What is in place to limit legal culpability relating to e-mail?
You must take steps to contain your company's liability for the content of any communication originating from your messaging systems. Any instance of e-mail abuse over the corporate network, such as messages that may be construed as sexual harassment, for example, leaves your company wide open to charges.

In July of 2000, Dow Chemical fired 50 workers and disciplined another 200 for distributing, downloading, or saving pictures that were either pornographic or violent. The employees were found to have violated the company's harassment-free work environment policy. The repercussions from that event and subsequent disciplining were wide ranging. Besides the expense of terminating staff, and recruiting and training replacements, the company had to contend with poor morale, loss in productivity from the 200 workers, unpaid suspensions, and probations.

While many companies have corporate policies in place on "appropriate" Internet and e-mail use, this might not be sufficient to limit your company's liability. You also need a systematic approach to screening e-mail content to ensure compliance with corporate ethics.

Staying ahead of the security curve
Amy Kessler, vice president and general manager of GROUP Technologies, a developer of security software, offers five tips on ways CIOs can shore up security:
  • Build awareness. Make sure every employee and partner with access to systems understands policies about e-mail, data access, passwords, software installation, and Internet use.
  • Survey and evaluate. Conduct a comprehensive survey of your data and determine what's most important to protect and what's not. Then evaluate what tools and applications are best for the job.
  • Use the right tools. A firewall and antivirus software aren't enough. For instance, some software can block certain types of data from being e-mailed. Other software can filter e-mail according to specific criteria.
  • Aggressively test the network. Once you've put your tools in place, rigorously test your network inside and out. Use your own internal team or hire professional hackers to try and crack your system. Then keep testing your network regularly and plug any holes that surface.
And maybe most importantly, experts say it's critical that CIOs don't become complacent about security. It's easy to develop and install safeguards and then forget about them -- especially if nothing bad happens. Complacency leads to security lapses as updates lag and new holes go uncovered. If you haven't had a breach in a long time, it's easy to think that you're safe forever. And if you believe that, it's probably only a matter of time before you find yourself in deep trouble.
