Getting your co-workers to adhere to policies that govern the use of email in the workplace can be tough. Despite your best efforts, email is still used to send jokes, chain letters, pictures, slide shows and other inappropriate content.

For whatever reason, people don’t quite get that not only are email policies in place to protect them and the company brand, but there are consequences for violating these policies. Unfortunately, the only time when people begin to comprehend just how serious email policies are is when it is too late.

Continue reading Email Scandals That Should Make Us Think Twice

In just one week Google, the International Monetary Fund and Citigroup have all made headlines as a result of email associated with them being under attack. The reason we continue to see companies make the news as a result of email attacks is that email security is sometimes ignored when it comes to training users properly and making good decisions. In some cases, having the latest and greatest when it comes to security tools even creates a false sense of security that causes us, and our users, to overlook the little things. A multi-layered defense that has been properly configured with all the best technology can be rendered useless if the little things are forgotten.

Continue reading 5 Simple Mistakes When it Comes to Email Security

Developments in cloud based computing have shown quite a bit of excitement and promise, especially when it comes to small to medium sized businesses. Those who evangelize the cloud will often cite the many benefits of moving to a cloud based email service. The litany of favorable reasons to examine moving email services off site that are oft quoted fall into line with the reasons used to move to any new technology:

• Ease of scalability
• Ease of software updates
• Email access anywhere
• Better disaster recovery
• Ease of implementation
• And of course, reduced costs

So when a vendor, or even someone in your own organization, throw these at management looking to save money and increase productivity then it seems like the question moves from why should we move to the cloud? to why has it taken us so long to move our email to the cloud?

Is it really that easy?

Continue reading 4 Considerations for Cloud Based Email

Just about every business organization is aware of the need to archive email for compliance purposes, and many understand how an effective email archiving solution can help reduce the amount of resources wasted by the company’s mail server(s).

Unfortunately, the new wave of employees doesn’t quite get that. According to a recent study of how younger employees use corporate email, businesses could find themselves at risk due to the social media savvy employees who find corporate email too restrictive.

Continue reading The Problem of the Tech Savvy Workforce

With so many businesses still trying to figure out how to leverage social media in the workplace, email continues to be the primary method of communication among employees. Whether they are communicating with co-workers, managers, customers or distributors email still reigns supreme. In fact, 94 percent of all American Internet users send or read email every day according to the Pew Research Center. In the workplace it is estimated that workers spend 41 percent of their day handling email according to the Radicati Group.

While email is still a primary means of communication among people in the workplace, many businesses fail to put in place a policy that governs how employees use email while they are on the clock. Business owners or IT managers tend to overlook laws and regulations that dictate how email should be used and stored. In small-medium sized businesses there is less of a perceived need for a email policy because employers sometimes don’t see the need to regulate things such as email and Internet use. Unfortunately this can land them in legal trouble.

Continue reading Five Things Your Email Policy Needs to Have

Recently a close family member spent some time in the hospital. Luckily everything turned out okay and they have since returned home. But while there I noticed that the hospital staff was very rigorous in their guarding of patient’s privacy and of their records in particular.

Only immediate family members were understandably allowed to be in the room. Information was freely given which helped us to understand our family member’s illness. But never were any hospital records left in our view. And even at the nurse’s station all records and patient related information were out of view.

All medical documents have to be completed and protected as per the laws which govern patient’s privacy. And anything electronic must also meet requirements and standard for the medical industry. Likewise, email for that field must conform to rules and regulations that protect patient information.

Protection and compliance with privacy laws is not just for the healthcare field alone. All email administrators must be aware of the email laws and regulations that are specific to their own business fields as well. Luckily there are many technologies that can be used for the various industries. Those technologies include:  authentication, encryption, content filtering, hardened message server software, and archiving, as well as anti-spam and anti-virus software.

Continue reading 5 Email Compliance Mandates and Regulations

Email administrators can add compliance to their list of growing costs on their budgets, according to a report released recently by the Security for Business Innovation Council, which is a group of security executives from companies in the Global 1000.

The report, “A New Era of Compliance: Raising the Bar for Organizations Worldwide,” maintained that a new compliance landscape is forming, one that will be driving up costs and risks for businesses around the world.

“As the compliance landscape gets more complex, demonstrating compliance gets more time consuming and costly,” it said.

Four trends were identified in the report as factors driving organizations to take their security responsibilities more seriously than they have in the past.

1. Strengthened enforcement.
2. Global spread of data breach notification laws.
3. Increasingly prescriptive regulations.
4. Growing business partner requirements.

Continue reading Compliance driving up security costs, report says

More and more companies are finding themselves in the crosshairs of lawyers filing lawsuits against them. That’s become a concern for electronic information managers because the first thing those legal beagles want to sniff is a company’s data stores. That means anything stashed on your Exchange servers is fair game for them. Previous versions of Exchange were weak in preserving data to meet the “discovery” demands generated by lawyers or regulators. Microsoft has changed that, though, with Exchange 2010.

With the arrival of that version of Exchange, administrators at last have a way to preserve documents  that might be needed to fulfill legal obligations imposed on them by outside forces. Placing a hold on a mailbox preserves a user’s deleted and edited items, including email messages, calendar entries and tasks. The hold applies to both the user’s primary mailbox and archive mailbox.

In the RTM version of Exchange 2010, the only way to implement a litigation hold was through the software’s shell structure with a statement like Set-Mailbox -identity “Name” -LitigationHoldEnabled $true. With the arrival of the SP1 beta of the application, though, holds can be created through the Management Console or Control Panel.

To set up a hold using the Console, you go to a mailbox recipient’s configuration and right click on the mailbox to access its properties. From the properties screen, you drill down to the properties settings for the Messaging Records Management item. There you can activate your hold by checking the box beside Enable Litigation Hold. You can also add a URL for a web page describing your organization’s policy governing holds, as well as any comments you may want users to see when they access their mailboxes after a hold has been imposed on them.

Continue reading Exchange SP1 won’t trash your important stuff

In their February 2009 email blog for Travis County, Texas, written by Steven Broberg and Shawn Malone, as government records managers for Travis County, they were debating how best to create an email policy which would support over 4000 end users without adding more confusion about state directives and standards on records retention policies. They proposed three general directions for their email retention policy and asked readers for their feedback.

As I have seen in many enterprises, and as the authors have also noted in their blog, there is always resistance to change that will be encountered anytime new ideas are proposed especially in large enterprises where business processes that are not broken will be defended as not needing to change.

One of their options, “Maintaining the Status Quo”, offered the least resistance by end users to accept as a general direction for records management. And it was also, of course, the least costly. If end users are at the front end of this direction – and also the endorsers – then the back end opponents included: security specialists, lawyers, vendors, NARA, TSLAC, etc.

With option one it is very unlikely that the company could maintain that mode as sooner or later there would be a need for email records that would be the subject of electronic discovery procedures and legal litigation. “Maintaining the Status Quo”, in my opinion, is not a viable option but merely one to list as a possible, though not probable, general email retention direction.

Their second option was to allow every employee using email to be their own records keeper. This direction would include publishing a records management set of rules and guidelines that all email users would have to adhere to. And to assist the employees in staying within the guidelines of a company’s record management policy the IT department would provide tools and training. Continue reading E-Discovery Record Keeping

In Steve Bailey’s blog, http://rmfuturewatch.blogspot.com/, the author has written about his recent attendance at the European Conference on Archiving (ECA) in Geneva in April, 2010. Steve has observed that in previous years at the conference most discussions were about the technical complexities of digital archival, the many different approaches to digital archival practices and the ensuing problems associated with false assumptions.

In earlier years Information Records managers were also concerned with the durability and shelf life of digital media as compared to earlier technologies and referenced against the famous Domesday Book and our electronic counterparts of today.

This year, at the ECA, it was reported to have a different atmosphere with more conversations and subjects revolving around case studies further suggesting that the challenges of archiving digital content material have been met and are almost of a “routine” nature these days. So the question of “can” or “how” do we preserve data without future data loss – and this is of concern to email administrator and IT departments – is now a question of the past.

For email administrators and records managers the concerns of how do we protect our company from not losing data has been replaced with the concern of how do we manage this huge amount of data where no data or emails are in danger of being lost anymore. Indeed, new technologies such as cloud computing are allowing administrators to ask for new tools to help them manage this soon to become massive amount of data that is coming at them like a tidal wave of information that is growing exponentially.

In his blog post on this subject, Steve Bailey, raises the eight-hundred pound gorilla in the room question of what about the growing impact of the cloud and of how safe is it to have your company’s data, emails, company confidential information, etc. stored in the archives of the cloud. More so, he raises the question of how long before they lose that control and what happens then.

I agree with him that these are issues that records managers must plan for when they and their IT departments are working out the details during the initial planning stages of the who and how of data storage as it relates to a company’s data whether it be for emails, their attachments or much larger documents. Continue reading Record Keeping Maturity