-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 12:50 AM 2/12/2003, laurence field wrote: >I would like to get feedback on the quality/usefulness >of email content monitoring tools available on the >market. > >Our problem: We need to identify users and monitor >email content (scary) as some staff are sending >"gossip" to the press about our public internet system >reliability, pending IPO gossip / info etc. which then >escalates to professional bodies / governments whom in >turn start formal investigations - all over an >email!!! (we are a financial company).
There are some key issues here apart from how well e-mail content monitoring work that deal with the effectiveness of this solution to address the stated problem(s). You are assuming the employees are using your corporate e-mail system to send these messages. They could be sending the e-mail from home, using an external mail system from the office (e.g. web-based mailer like Yahoo), using a chat client, message board, newsgroup, etc. For that matter they could be using non-electronic means as well, including direct contact. Or, they could be encrypting the contents of the messages even if they are indeed using the corporate mail system. If any of these are being used, no e-mail content filtering on your corporate mail system is going to provide any relief. I'm sure you and others have already considered this and are not looking for a long diatribe about the general issues or the merits of content filtering in general. I mention these issue, however, because I have in the past been in a similar situation and have had to address these issues. Such filtering may provide management with a warm and fuzzy feeling, and it may catch or scare some people, but the bottom line is if personnel are going to leak info, plugging up one hole out of 100 isn't going to make all that much difference. Make sure you have a policy in place regarding dissemination of confidential information and the consequences of breaching this policy. Harsh penalties for disclosure and enforcement by management are good deterrents for casual information leakers. Of course it is also important to limit who has access to this information to begin with - obviously the fewer people who know the less people there are to consider as information leaks when the information appears in the press. Just a few thoughts. Doug -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPkqrNp938qfSpraDEQKvewCgigNhUV4sj6oLH3+Ew3Qc+2vFHNIAnil+ DrgVLP/y4/DnjOGCL5BGHLxX =C/7h -----END PGP SIGNATURE----- ------------------------------------------------------------ This email, and any included attachments, have been checked by Norton AntiVirus Corporate Edition (Version 7.6), AVG Server Edition 6.0, and Merak Email Server Integrated Antivirus (Alwil Software's aVast! engine) and is certified Virus Free.
