The key to foiling internet and e-mail threats to your enterprise lies in having a secure content-management plan. By Adam Barnard
Rare these days is the company that has not benefited from use of the internet and e-mail. But such usage also has a dark side, with threats of litigation, compromised intellectual property, employee abuse of access privileges and lost productivity.
Apart from the time wasting and cost of employee abuse of access to e-mail and the internet, the potential liability of directors in the context of operating in the electronic environment must be taken into account.
In a recent paper entitled “Board Responsibility for Protecting Information Assets”, specialist IT law practitioners from Freehills commented that the introduction of three relatively recent pieces of legislation had substantially raised the bar as far as directors’ duties are concerned. These new rules are the Privacy (Private Sector) Amendment Act 2000, the Cybercrime Act 2001 and Corporate Culture Offences in the Commonwealth Criminal Code.
According to Freehills, a company operating in the electronic environment faces a number of risks:
- Breach of contract.
- Liability in negligence to persons who stand in a special relationship.
- Vicarious liability for wrongful actions by employees.
- Accomplice to cybercrime.
- Criminal offences under the corporate culture provisions.
- Privacy Act breaches.
In essence, directors have the obligation to take reasonable steps to prevent an IT security breach and face potential prosecution if they fail to do so.
And the risks don’t end here. Consider the potential cost to your organisation if commercially sensitive information or mission-critical intellectual property got into the wrong hands.
As if these threats are not enough, the issue of “denial of service” is starting to rear its ugly head. A hacker may use your company site as a “zombie site” to aim at a third party. That third party would have an action against your company, whether you have a business relationship or not. In another example, a supplier could face a “denial of service” action where it is not able to deliver services and its customers suffer as a consequence.
What is on offer
Enter a new concept: secure content management (SCM).
There are three elements to SCM: protection against the threat of computer viruses, management of employee internet usage and scanning of e-mails.
Until recently, these elements were fragmented. According to Worldwide Secure Content Management Software Market Forecast and Analysis, 2002-2006: Vendor Views, produced by respected IT industry commentator IDC, the future in this area lies in integrating elements of secure content management under a single point of contact. “Customers are increasingly asking for a single point of management for SCM solutions that can provide a consolidated, centrally managed console for alerts and updates, aggregated logs, common policy engines, and, most important, a lower cost of administration.”
And, given that technology is of little use without an appropriate governance policy, any secure content management technical solutions must be complemented by the right procedures and audit practices.
Freehills offers this useful checklist:
- Undertake a review of the company’s IT measures, technological and procedural.
- Establish an IT security board committee.
- Adopt policies and procedures to govern the use of the technology in a secure manner.
- Train all staff in the use of the technology and compliance with the policies and procedures.
- Have a business continuity plan in place.
- Have an episode management/forensic plan in place.
Companies considering how to protect against the threats associated with possible breaches of information integrity should:
- Identify all potential information risks to the enterprise.
- Evaluate existing protection infrastructure (virus protection, internet filtering, e-mail scanning, information policy) against each of the individual risks identified to ensure that all possible scenarios are covered.
- Consider implementing an SCM policy and procedures plan to ensure solutions are integrated and effective.
- Put in place a formal SCM review system, to make sure existing threats and new ones as they arise are evaluated and eliminated on a continuing basis.
How not to
There’s no rush
This month’s most bizarre R&D award goes to psychology professor Regina Conti who is looking into procrastination as it relates to holiday preparations. Based at Colgate University in the state of New York, Professor Conti is researching why, for example, people wait until the last minute to buy gifts, send cards and prepare meals. Why do they agonise until Christmas Eve working out what presents to buy and then madly rush into the stores? What is the motivation behind this behavior? Is there a cure? Who cares?
Make yourself at home
The award for the most careless managers goes to the people running the BBVA bank in Lerida, Spain. Police said they had to stand guard outside the branch for several hours after employees left for the day without closing the door. A passer- by telephoned police to tell them that the door had been left open. Police officers had to wait there until an employee returned.
Did it have your name on it?
Thieves who pinched a red carpet outside a swank Zurich hotel are runners-up in the award for bad planning. The crooks made off with the expensive 4.3-metre wool rug in the dead of night even though it was screwed down. One question: what are they going to do with it? Zurich police have asked anyone stepping across a red carpet with “Welcome to Atlantis Hotel Zurich “in blue letters to call them.
The bad planning prizewinners are Andre Fernandez and Joseph Ruggiero, both 19, from the state of New York, who were charged with smashing up a police car in the town of New Paltz. The windows and lights were broken, the roof was dented, radio wires were cut and the side view mirrors were removed. Trouble is, the young men took photos of themselves destroying the car. When a woman in upstate New York got the photos by accident, because of an error at the processing lab, she passed them on to the police. The pair couldn’t explain why they had taken the photos.
The award for poor service goes to that society that prevents cruelty to animals. A cat was chosen as a Christmas present by four excited boys. It was whisked off to be neutered, vaccinated, wormed and rid of fleas. Inquiry was made on the day appointed for pick-up. “Yes, your cat is ready.” On arrival: “Sorry. He ‘s still groggy. You could come back in two hours.”
Two hours later, the attendant arrived with the cat, which promptly squeezed out the side of the box provided by the society (for $8.25) as it hadn’t been properly assembled. After the great cat scramble across the foyer, with dogs barking and people staring, the four boys managed to squash the cat back into the (properly assembled) box. The nurse was to give the run-down on cat care and management. After another 15 minutes or so, she appeared and announced that he had to be vaccinated (they’d only had three days to do it, after all) and whisked him off for another 15 minutes.
The cat-care lecture consisted of being informed that “he is quite distressed after his vaccination”. He proceeded to pee in the car on the way home (leaving a great smell) and at the first opportunity squeezed his head out of the collar provided (included in the price), leapt over the back fence and hasn’t been seen since.