
Office Email Systems Are Not For Personal Use: Common Sense Reminders For Your Employees

On Sunday the New York Times printed a nice article about email privacy and monitoring, "The Risk Is All Yours in Office E-Mail."

Most of it is common sense, or should be by now. When you use your company's email system, do not expect any privacy for your messages.

It is their system; it is their domain; they own it and maintain it. In the U.S., companies can monitor all email if they have policies in place indicating they may monitor messages. Do not do stupid things with email.

Do not send threatening messages, love letters, messages spoofed to look like they came from your CEO, messages that are illegal or used in committing a crime (which of course you shouldn't do anyway), or any of an infinite number of things that employees have actually done with email messages.

Also, it is not a good idea to use your web-based personal email accounts (Gmail, Yahoo, MSN, etc.) from your company's network; Internet transmissions can also be monitored.


Comments

I have to ask if you heard about the Port of Seattle Police email scandal that took place back in January? It is a prime example of the email privacy discussion in this post. I'm not sure what some employees are thinking when they send inappropriate/sexual/offensive/etc. emails from their work accounts... This is especially disturbing when you hear about a police department committing such heinous acts!

No, I had not seen this...thanks for the great example, Mila!

Yes, it is absolutely amazing to me the types of messages folks send using their corporate email. Typically I see this type of inappropriate email within SMBs more than in the larger companies, which often have more email monitoring in place, and more policies addressing inappropriate email.

Your Seattle Police example demonstrates that no type of organization is immune from doing very bad and stupid things with email systems.

Reading about them made me think of the show The Office. Every week they show multiple types of completely inappropriate activities by the office manager as well as by the other employees. While the show is very funny, it is also very sad to know that those types of actions and activities actually occur quite often.

Inappropriate use of email systems, and wildly inappropriate messages, can get a company into very severe trouble in many different ways.

I think this is due to a general lack of employee awareness in regard to security. An average person might not realize that everything they do on a work computer can be monitored.
I'm actually from Seattle myself, so that story really hits home for me. It's so shocking when a system that is supposed to be working to PROTECT you engages in this type of inappropriate activity or suffers from a security breach.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.