
Do You Know What’s In Your Employee’s Inbox?


Reviewing employee email can actually reduce your exposure to risk. An effective email archiving solution with an email surveillance function can help.

By Paul Chen, President, Fortiva Managed Solutions

Email has become a primary means of communication that businesses use to send, receive, and store business-critical information. Since emails carry so much information, they have become an important source of evidence in legal cases. In fact, many recent corporate scandals involving email have led to the creation of new laws regulating the retention, monitoring, timely retrieval, and reporting of electronic records. For example, the Sarbanes-Oxley (SOx) Act requires all public companies (or companies intending to go public) to retain their business records, including email, for at least five years so that they can be easily retrieved for reporting or in case of legal discovery.

With regulations like SOx in place, organizations must take special precautions to ensure their employees do not send or receive damaging emails via their workplace email accounts. Since SOx does not specify what constitutes a relevant document, preserving only a subset of emails is complicated and risky; as such, all of an organization’s email should be retained. Because everything is retained, organizations must also ensure that the content of their employees’ emails is acceptable and will not pose any risk to the organization. However, according to a recent survey conducted by Harris Interactive, 68 percent of U.S. employees who use email at work have sent or received emails that could place their company at risk. Nearly half the people polled say they have sent or received jokes, comical pictures/videos, and stories of a questionable tone, while one in five say they have sent or received a password or log-in information via email. When shared through email, this type of content could pose significant risks to businesses, either from a possible security breach or employee-driven lawsuits.

The survey also found that 92 percent of these employees do not believe that they have ever sent a risky email, which demonstrates that there is a substantial discrepancy between perceived and actual risks posed by email exchange. Consequently, more organizations are looking for ways to protect themselves from these potential email pitfalls. The key to mitigating these risks is to enforce a sound email policy, which involves periodically reviewing employee emails. This can be easily enforced through an effective email archiving solution.

Incorporating Email Surveillance into Company Email Policies
An email policy is a set of rules that clearly state the acceptable use of email within the organization. An effective email policy should explain the use of business email for personal reasons, the forwarding of confidential corporate documents, acceptable email language and content, and required retention periods for certain types of email. It is critical for the email policy to be widely circulated to all employees because a policy that isn’t clearly understood or sufficiently conspicuous can be deemed to be invalid in court. To ensure that the email policy is not violated, the firm should be able to easily monitor employees’ emails and employees must be aware of the fact that their emails may be read by the IT or legal department.

A recent survey conducted by Fortiva, in conjunction with Jeffrey Plotkin, a securities enforcement expert and partner at Day Pitney LLP, demonstrated that email surveillance can yield valuable information and may significantly reduce a company’s exposure to risk. According to the study, 63 percent of companies feel that email surveillance has increased visibility into their potential risk exposure. By catching an email violation before the email is sent out to the intended recipient, the company can avoid spending a lot of time and money in legal turmoil. The study also found that businesses can improve workplace email habits by simply letting employees know that their emails may be monitored. Seventy-nine percent of the respondents agreed that knowing their company reviews email is enough to deter them from engaging in correspondence that violates their corporate email policy. These results confirm that email surveillance is a best practice for organizations looking to reduce email risk.

Implementing an Email Policy within the Organization
An effective email archiving solution makes implementing and maintaining an email policy very easy. Email archiving solutions today do much more than simply store emails; the right email archiving system allows companies to easily manage their electronic data, define and enforce corporate email policies, review employee emails, comply with regulations, and be prepared for legal discovery. Therefore, an email archiving solution with all these functions is a solid return on investment for organizations implementing a solution for surveillance purposes. Such a solution also allows organizations to comply with SOx, which requires companies to report the effectiveness of their internal controls for financial reporting in their annual reports. This means that in addition to protecting the privacy of their email, a company has to be able to explain how and why their email is sufficiently secure.

Choosing the Right Email Archiving Solution
The first step to picking a suitable solution for your organization is to decide whether to go with an in-house or hosted email archive. To implement an email archive in-house, an organization must develop or purchase the appropriate software according to business requirements and buy the corresponding hardware. With the large, and growing, amount of email data that most organizations send and receive, the organization must be prepared to expand their storage hardware as needed. Additionally, a lot of time must be invested to train IT staff to run, maintain, and monitor the application.

In-house email archiving solutions typically use a dedicated server-based approach that copies all email from the message store into an archive. Some solutions also require that software be installed on all PC clients to facilitate searching and retrieval. Although in-house solutions offer a high level of control and data security, as well as convenient integration with other systems in the organization’s existing infrastructure, these solutions can be costly to acquire and often require dedicated, skilled personnel to maintain.

Alternatively, an organization can opt to outsource its email archiving to a specialized service provider. A hosted solution allows a company to archive its data at a third-party location, reducing the burden on internal IT resources. Outsourcing also allows a company to avoid substantial hardware and software costs and alleviates the inconvenience of maintaining an archiving system. A major disadvantage with some hosted solutions is a lack of data security. A firm may expose itself to security breaches by storing confidential email data at an external third-party location. Today, however, some outsourced solutions have addressed these security concerns and can offer the same level of security that in-house solutions do, but without the unpredictable expenses. Also, outsourced service providers can have the archiving system up and running in days, whereas in-house solutions could typically take months to deploy.

Summary
The rise of email has meant improved business communication. However, it has also increased exposure to risk, led to the creation of stringent laws and regulations, and exposed businesses to detrimental lawsuits. By reviewing electronic communications, organizations can reduce their exposure to risk. An effective way to monitor employee mail is to incorporate email surveillance into an organization’s email policy. This can be easily done by implementing an effective email archiving solution. A good email archiving solution should provide a company with access to end-users’ entire email histories, the ability to monitor email content, and easy-to-use policy-formation capabilities.

Today, there are a variety of archiving solutions available for businesses to implement, but the first step towards making an informed decision will typically be whether to go with an in-house or an outsourced solution. Although there are some advantages to an in-house solution, an outsourced solution provides important benefits such as a lower cost of ownership, guaranteed offsite protection, a dedicated professional archiving team, and expertise. It must be noted, however, that not all outsourced solutions are the same; a thoroughly managed email archiving solution protects the privacy and integrity of email data while making sure that only authorized users have the ability to access it when it’s needed.

The Fortiva Archiving and Compliance Suite is a perfect example of such a solution. Fortiva offers a fully managed email archiving solution for mailbox management, regulatory compliance, and legal discovery. The Fortiva approach allows a company to outsource its email archiving functionality with assurance and without worrying about a third-party gaining unwanted access to its confidential data. With its combination of advanced technology, experience-driven best practices, and knowledgeable professional services staff, Fortiva makes third-party cost containment and performance guarantees possible. With the Fortiva Archiving and Compliance Suite in place, for the first time ever, you can outsource your email archiving without compromising on corporate security, privacy, or control.







