| Ample media attention has been focused on | | | | survey by the American Management Association |
| security issues such as viruses, phishing attacks | | | | and ePolicy Institute (Workplace E-Mail and Instant |
| and theft of sensitive customer information from | | | | Messaging Survey,) 60 % of American |
| large databases. The proliferation of Spyware and | | | | Companies use software to monitor the content |
| Malware (malicious software) has also garnered | | | | of inbound and outbound email messages (3).Email |
| media attention. Another major, yet seldom | | | | containing everything from inappropriate language, |
| discussed threat which goes on largely ignored | | | | file types and other data are often flagged by a |
| outside the IT community is the theft and | | | | company's IT Department. While monitoring |
| redistribution of email.To make a product which | | | | employee email can reduce a company from |
| best addresses the quiet rise in email thuggery, | | | | liability, this policy can have a different, malevolent |
| sometimes we have to think like a criminal or | | | | result. In a worst case scenario, unscrupulous IT |
| mal-doer. How would these digital thugs hunt for | | | | insiders may be tempted to gain access to a |
| Personal Identifying Information (PII), company | | | | company's email logs, thereby compromising |
| assets or secret email conversations intended to | | | | executive and other departmental |
| be read ONLY by the recipient? Consider this | | | | communication.Interception at the ISP Server - |
| article a security instructional on how-to get inside | | | | While most Internet Service Providers (ISPs) |
| the mindset of those "bad guys."Your occupation | | | | have very sound security policies regarding access |
| influences the number and type of emails you | | | | to their servers, it is possible for an ISP insider to |
| create and send each day. Most of the email you | | | | get a hold of your email and attachments. Your |
| send contains harmless, benign material that you | | | | email is stored in a queue for a split second while |
| wouldn't mind anyone else reading or sharing with | | | | being transferred from server to sever on its |
| others. However, there are portions of your online | | | | way to your recipient's inbox. In most cases your |
| communiqué each day that probably | | | | emails are deleted as soon as they arrive at the |
| shouldn't be forwarded. These messages and | | | | next stop. As in the previously mention "Company |
| attachments contain information that if stolen and | | | | Scanning" scenario it is just as plausible that your |
| or re-distributed could harm yourself and/or your | | | | email could be hijacked by a malicious ISP |
| business. The following are just some ways a | | | | employee who decides to mirror all of the ISP's |
| thief could intercept your email.Interception of | | | | contents on his or her own server. This may be |
| your wireless signal - If you use an unencrypted | | | | of particular concern when sending email to |
| wireless to log-on the internet or your local | | | | countries that do not enforce individual privacy |
| server, you are running a high risk of having your | | | | protection policies.Cross-Border Interception - |
| information stolen. The majority of wireless | | | | When emailing internationally there are few legal |
| networks are completely unsecured.Although it | | | | safeguards to keep your email and attachments |
| only requires a click to enable wireless security, | | | | from being stolen. In many developing nations |
| most users do not encrypt their wireless | | | | your proprietary information could provide a |
| transmissions. Intercepting these unsecured | | | | financial windfall for the employees of the local |
| messages is trivial, making it easy for hackers to | | | | ISP. Your email will likely reach your recipient but it |
| gain access to email as well your files stored on | | | | have also have been copied, sold or sent |
| your laptop.Be cautious of local hotspot | | | | elsewhere. Without added security measures, |
| café. Hotspot hijackers may also utilize | | | | neither you nor your company will have |
| wireless networks to insert viruses, spy-ware, or | | | | knowledge of the ill-effect until the damage has |
| malware on the computers of those who connect | | | | been done.If foreign laws do not allow your |
| unsecured to the hotspot network.Access to | | | | recipients to install encryption software, find |
| your email account is stolen - Once and outsider | | | | another way to transfer your important |
| has gained access to your email account, they not | | | | information.Diligency About Your Online Safety |
| only have access to all of your messages (and | | | | Pays - Hackers, digital thieves, thugs and general |
| potentially your on-line passwords) but can also | | | | internet mal-doers strive to intercept your email |
| use it to distribute spam, viruses and other | | | | with the goal of financial gain or to cause havoc. |
| harmful information that appears to come from | | | | Avoiding them will inevitably save your company's |
| you. Three methods are typically used by | | | | assets. Staying abreast of the newest ways to |
| outsiders to gain access to your email account:1.) | | | | steal your PII and paying attention to Security |
| Theft via interception | | | | and Technology news in general is key to a best |
| 2.) Password cracking | | | | practices business policy.SMBs (Small and Medium |
| 3.) Key loggersYour email password and | | | | Businesses) in the technology sector are seeing |
| username can easily be intercepted if you log-in | | | | security and encryption as the forefront of their |
| via an unsecured connection. To ensure that you | | | | IT priorities. In July 2005, Forrester Research |
| are logging-in securely, look for the https: prefix | | | | released its SMB findings after surveying nearly |
| on the web address. Doing so will greatly reduce | | | | 800 technology decision-makers on their IT |
| the possibilities for password interception.If you | | | | services priorities. Among Forrester's findings, 71 |
| use a simple password consisting of a single word | | | | percent of SMBs will buy security software, |
| that exists in the dictionary, your email can be | | | | similar to the 75% that said they would invest in |
| easily hijacked. If they want your information bad | | | | 2004 (4).Isn't SBRM (Small Business Rights |
| enough, motivated hackers can either guess it or | | | | Management) Expensive? - Compliance as it |
| crack it by using software tool to try every word | | | | concerns digital data is finally catching up to the |
| in the dictionary until access is gained.The best | | | | widening commercial sector which is highly |
| way to prevent password cracking from | | | | impacted by the success of small businesses. |
| happening is to choose a strong password which | | | | Small firms dealing with compliance issues can turn |
| is a combines different cases, letters, numerals | | | | to specific SBRM solutions to bridge the gap |
| and symbols such as "4JeIw#Tr&2".Diligent email | | | | between staying current with industry regulations |
| hackers can also gain access to your email by | | | | and staying in business. ERM (enterprise rights |
| installing key-logging software on your computer. | | | | management) software has itself has begun to |
| Key-logging software silently records all of your | | | | slim down in price in acknowledgement of the |
| key strokes and sends them to an interested | | | | budgetary constraints of small businesses. Current |
| individual or group. Your usernames and | | | | SBRM software can be as vastly robust as |
| passwords can be parsed and then used to steal | | | | common ERM solutions, but as they are specified |
| your on-line access to your email, credit card, | | | | for the needs of smaller business entities, are |
| bank information, shopping accounts or any other | | | | more affordable too.Using encryption will ensure |
| means of PII (Personal Identifying Information). | | | | secure transmission when sending email. However, |
| The best means to thwarting key-login is to use | | | | the best way to prevent your email and |
| anti-spyware and firewall protection and always | | | | attachments from being intercepted and |
| keeping them up to date.Insider leaks and | | | | redistributed is to use Digital Rights Management |
| Redistributing Sensitive Content - Employees are | | | | (DRM) software, which is often described within |
| the leading cause of corporate security breaches. | | | | the business sector as Enterprise Rights |
| According to a 2005 study by the FBI and CSI.(1) | | | | Management (ERM). DRM for the Enterprise and |
| Insider abuse accounts for approximately 50% of | | | | Small Business sectors gives content authors the |
| all security breaches. You may only have to look | | | | power to determine how recipients may use their |
| out across your SMB's office to see a digital thief | | | | email and documents. For example, senders can |
| among you.The Ponemon Institute's "Survey on | | | | prevent unauthorized distribution (no forwarding, |
| Data Security Breaches" reveals that 69% of all | | | | printing) and prevent unauthorized editing (no cut, |
| serious data leaks occur as a result of employee | | | | copy, paste) of content, i.e. copy prevention.When |
| activities, whether intentional or unintentional (2). | | | | taken into account, the countless hours put into |
| Of those leaks, 14 % involved intellectual property | | | | building your company, protecting your company |
| including software source code. Other findings by | | | | assets from online thugs is a necessary tool to |
| the Ponemon institute cross into business-client | | | | ensure your business survives from this year to |
| best practices area and are as follows:* 39 % | | | | the next.- - - - - - - - - -End Notes:1.) Gordon, |
| involved confidential business information. | | | | Lawrence A., Martin P. Loeb, William Lucyshyn and |
| * 27 % involved personal information about | | | | Robert Richardson, "CSI/FBI Computer Crime and |
| customers | | | | Security Survey" July 2005, 13.2.) Ponemon |
| * 10 % involved personal information about | | | | Institute - as cited by DRM Review), "Leading |
| employeesDissemination of sensitive information | | | | Cause of Data Security Breaches Are Due to |
| can happen all too easily. An accidental click of the | | | | Insiders, Not Outsiders" DRM Review February 10, |
| "Forward" or "Reply All" button can send | | | | 2005 December 1, 2005.3.) Virginia Business |
| proprietary information to unwanted | | | | Magazine Online "Email Snooping" May 2005 Issue, |
| parties.Interception on Your Company's Network - | | | | Virginia Business Magazine, December 1, 2005, |
| Many companies do not have security protocols in | | | | Michael Speyer, and Liz Herbert, "Software And |
| place to prevent the interception of interoffice | | | | Services in the SMB Market - Business |
| email. Before email is transferred to the internet it | | | | Technographics," Forrester Research. - - - - - - - |
| typically travels through the corporate intranet | | | | -Ms. Veniegas is an alumni of the University of |
| first. If your local network is not secure, it is a | | | | Washington Marilee joined the Marketing team at |
| trivial matter for an employee with packet sniffer | | | | Essential Security Software, Inc. in 2005. She also |
| software to intercept all of your intra-network | | | | serves as one of the ESS site editors for I Want |
| communications.Company Scanning of Outbound | | | | My ESS! a stolen work and SMB resource site. |
| and Inbound Email Content - According to a 2004 | | | | |