Regulating Use of Electronic Communications
Regulating use of electronic communications
The second part of our data protection strategy is the regulation of our electronic communications channels including e-mail and instant messaging (IM). For the latter technology, we use Symantec's IM Manager to protect against IM-related data leaks. The solution requires our employees to apply for IM privileges, as well as go through an application process when they want to add a contact to their profile. This helps us provide the real-time communications tool only to people that need it within their job function or to others who have gone through a similar qualifying process.
Open-source IM applications can serve as major data vulnerabilities because newer versions enable users to transfer files to others without having to pass through the corporate VPN or firewall. IM Manager gives us these assurances and enables us to address this emerging enterprise challenge.
E-mail tends to be a trickier platform to manage because the company is so reliant upon it. Any overbearing policy instilled for e-mail can have serious productivity consequences so we try to keep our e-mail server rules rooted in common sense. Here are two basic ones I can share:
Rule No. 1: We identify certain workgroups with certain file formats (for example, accounting with Excel) and prevent users from sending files in formats other than those with which they work. We've also fine-tuned this rule to include certain types of information included within e-mail messages. For instance, a marketing person's e-mail would be disabled if they tried to send an e-mail message containing Social Security numbers or other Personally Identifiable Information (PII).
Rule No. 2: We also disallow e-mail strings that have multiple reply prefixes (RE:). This type of message is often associated with malicious activities so we prefer not to expose our infrastructure to them.
During the aftermath of economic uncertainty and massive layoffs, poor data security brings the risk of permanent damage to company viability and industrial competitiveness. The difference between market leaders and also-rans is razor thin, so it is more critical than ever to be able to control who has access to sensitive information. A thoughtfully layered security approach that protects information at the information level has proven effective for Sterling-Hoffman and has benefits for enterprises across all industries.
Angel Mehta is Chief Executive Officer of Sterling-Hoffman Executive Search. Prior to Sterling-Hoffman, Angel worked in business development with CRM-software leader Siebel Canada where he established strategic alliances and managed partner relationships. Angel is also a leadership speaker who gives keynotes and motivational seminars at various business schools and conferences across North America. Angel is founder of the Enlightenment Project, an essay competition designed to foster self-awareness and leadership skills for children in Third World countries. Angel has a Bachelor's degree from York University in Toronto. He can be reached at firstname.lastname@example.org.