COLUMBIA, S.C., July 18, 2005 – – Do you know whos reading the email you sent your top clients? What about the email on the raises for your management team? Or the one you sent your significant other about upcoming weekend plans? Like it or not, corporate America, its very likely someone inside the company other than the intended recipient is reading confidential emails and possibly using the contents in a variety of malicious ways. Business Vitals, an information technology (IT) risk management firm, says its time for senior executives to wake up and smell the coffee and stop putting their companiesand their careersat risk.
“Senior level executives are increasingly dependent on email to maintain key relationships and transfer proprietary information to customers, channel partners, and each other. Contrary to what they might think, if a company is managing its own email, it is highly vulnerable to being accessed by employees who search out or stumble upon vital information and use it as an opportunity to compromise the company,” says Jeff Brewer, president and CEO of Business Vitals.
A recent study by the Ponemon Institute concurs the most likely threat to a companys information security is corporate insiders. The Institutes survey on data security breaches reveals that 69 percent of companies reporting serious data leaks attributed them to either malicious employee activities or non-malicious employee error, compared to 16 percent of data leaks linked to hackers and other external penetration.
Brewer, a former National Security Agency (NSA) systems engineer who has spent more than two decades developing and implementing sophisticated IT security strategies, warns, “These types of corporate security breaches are not an IT issue. One compromised email can ruin a career or a company. Its in the headlines every day. Everyone at the executive level has a stake in securing their organizations IT systems, even something as seemingly mundane as email.”
Brewer says a common misperception is that email messages are analogous to letters in sealed envelopes, when in fact they are more like postcards that can be viewed by anyone. This means rogue systems operators or unintended recipients are able to read executive email, creating a security risk.
Companies can put a stop to this common security issue by outsourcing executive email, Brewer says. While the concept of off-site or outsourced email management isnt new, removing executive correspondence from the rest of the companys email is fast becoming the new “C-level” executive trend. Some savvy corporations are even offering secure executive email as a perk when recruiting senior executives.
Business Vitals is among the first IT risk management firms to offer executive email to its clients. For about per account per month, companies receive a 100 percent guarantee that no person within their organization will see the contents of executive email. All executive email is backed up and stored, even if the account user deletes it, so important correspondence is never lost. Anti-virus and anti-spam protection also is included.
Another trend Brewer sees is companies providing senior executives with two email accounts, one account managed by the company and another managed off-site by an outside vendor and reserved for confidential correspondence. In an age where legislation like Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA are top of mind, this is an attractive offering for security conscious CEOs, CFOs and others in positions of power and influence.
“As much as wed like to trust the people who work for us, there will always be some disgruntled, careless, or bored employees who use their access to IT systems and information to read things they dont have a need to know. And, some may be willing to use the information for personal gain or to damage the company,” Brewer says.
“Whats your brand, your career, or your business worth to you?” asks Brewer. “Many companies will manage their own email because it is viewed as low risk, yet its a companys single largest point of risk. Hands down, outsourcing email to a secure partner is the safest way to go.”
About Business Vitals
Founded in 2001, Business Vitals provides information security consulting and ongoing services that enhance and elevate ITs capability and impact on clients in financial services, healthcare, manufacturing and retail. Business Vitals was recently recognized as one of the top 100 fastest growing companies in the United States by Entrepreneur magazine. The privately held company operates a secure operations center in Columbia, S.C., with consulting offices in Boston, Mass.; Indianapolis, Ind.; and Tampa, Fla.