Employees blind to perils of risky e-mail

Few mortals can resist the urge to pass on juicy gossip or a good dirty joke. But mortals with corporate e-mail accounts should think twice before hitting send.

Most employees who use e-mail at work have sent or received messages that could put their companies at risk. But the vast majority doesn't believe they've ever sent risky e-mails.

That's the key finding of a recent survey commissioned by Fortiva, a Norwalk, Conn.-based provider of managed e-mail archiving products.

Conducted by Harris Interactive, a market research firm based in Rochester, N.Y., the survey examined the e-mail habits of 1,000 individuals, comparing their actual behaviours to their perceptions.

Almost half -- 48 per cent -- of respondents admitted they had sent or received jokes, images and stories containing sexual or "politically incorrect" content. While a majority -- 73 per cent -- says they're aware of corporate e-mail policies, only 46 per cent say they "always" comply.

"It is surprising to us how much people use corporate e-mail systems for stuff they know is probably inappropriate -- but don't perceive it as exposing the company to risk," says Rick Dales, vice-president of product management at Fortiva.

People are aware a joke might be offensive to some -- but not to the friends they sent it to, he says. They fail to consider it may well be circulated beyond the original trusted audience, complete with the original message header identifying the sender's name and company.

Could a company be sued for offensive e-mails forwarded beyond by an employee's recipients? "Anytime you send an e-mail, if the company e-mail address is used and automatic signatures are added, that may be interpreted as official correspondence and you are a [company] spokesperson," says Dennis Kennedy, an IT lawyer and legal technology consultant based in St. Louis, Mo. "[But] this is more of a public relations than a legal issue."

The survey also found that one out of five employees have sent or received a password or log-in information via e-mail. While this may appear to be primarily a security violation rather than an e-mail usage issue, these areas bleed into one another in the context of e-mail communication, says Dales.

"Having separate policies all over the place is an invitation to problems," agrees Kennedy. "If you have an employee manual, e-mail policy, Internet usage policy, computer security policy and so on, odds are they're not going to be consistent and there will be different rules people don't know about. It's better to have one policy that covers all issues."

Although most businesses place limits on the amount of e-mail that can be stored, 41 per cent of respondents say they'd prefer to keep important e-mails indefinitely.

Document retention is not as simple as everyone hoped it would be, says Kennedy. There is nothing inherently good or bad about keeping e-mails for short or long periods of time. "You have to give what a judge decides is relevant," he says. "If you just delete everything, then you're potentially deleting e-mails that are exculpatory or 'good' e-mails. The point is not to delete 'bad' e-mails, but to retain information in accordance with the time period specified in the policy."

However, the more information you retain, the more important it becomes to structure it in a way that you can access, says Dales. "There are pros and cons to storing larger volumes. You need an organized, systematic way not only to manage how long you retain e-mails, but how you get at them."

Wading through large volumes of redundant information is becoming less of a headache for legal teams as e-mail archiving tools grow more sophisticated, says Kennedy. "In electronic discovery, one of the biggest things is "de-duping", which means de-duplicating."

These tools can get rid of the thousands of copies of the same joke or message that have been sent or forwarded in a corporate network. This helps legal teams hone down to the set of documents they really need to review.

With the right tools, says Dales, companies can be more specific about which types of messages should be retained for what periods of time, instead of having a blanket e-mail policy that stores everything for three years, and then deletes everything.

The survey found that the way employees store their e-mail is another area of growing concern that is as important as the content of their messages. About half of the survey respondents who use e-mail at work have saved e-mail outside of the corporate network. E-mail storage limitations may be leading to practices that raise security issues.

People with laptops often save e-mails there instead of at work, or forward messages to their Hotmail or Yahoo accounts, says Dales. "The danger is that if you're asked to produce information, you must gather it wherever it is. Having everyone keep their own blocks of information makes it expensive and risky."

Corporate information that slips out of a company's control in this way can cause problems. "Even if you have a great retention policy, things that escape outside it are still potentially discoverable," says Kennedy. "And people with laptops at home just don't pay enough attention to security, so you open that information to hackers."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Rosie Lombardi

Show Comments



Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?