Many US firms hire staff to read employee email

20 Jul 2004

More than 30pc of companies in the US employ people to read the contents of outbound staff email, a new survey from Forrester Consulting has indicated. The practice is even more widespread in large corporations, with 43pc of these organisations engaging in the practice.

The survey, conducted on behalf of Proofpoint, a provider of anti-spam and virus protection software, has revealed high levels of suspicion and concern among senior corporate executives in the US that sensitive company information is being passed to outsiders. Survey respondents cited confidential memos and intellectual property leaks as the main fears around outgoing email among large companies. Interestingly, worries about vulgar or offensive content fall much further down the list of concerns.

Adding to this atmosphere are the increasing legislative burdens now being placed on companies; respondents admitted to being concerned that outbound emails from their organisations comply with industry-specific regulations such as Sarbanes-Oxley and HIPAA. “While a great deal is known about inbound message-borne threats – including spam and viruses – relatively little attention has been paid to the issue of outbound email content,” the report said.

An additional 9.3pc of companies said they intend to begin hiring staff to monitor outbound email in the near future. Of the large companies surveyed, this percentage rises to 12.8pc. One third of companies reported that they conduct regular audits of outbound email content. This practice is again more prevalent among larger companies, with the figure rising to 38.5pc.

In addition to the manual processes, the survey asked respondents about their deployment plans for technology that monitors outbound email. The results indicated that large companies are more likely to have deployed these technologies.

More than half of those surveyed said that they use the outbound email compliance or monitoring features included in anti-spam software. Depending upon the software in use, these features range from the basic – such as allowing small attachment sizes only – to the more sophisticated such as detecting keywords or information patterns.

Messaging security systems are the next most popular technology, with 47.1pc of companies reporting that they have deployed technology for secure or encrypted messaging, which would be commonly used to encrypt sensitive content, for example protected health information or financial data that needs to be sent by email.

Just over one third of respondents said they have deployed technology for detecting vulgar or offensive content in outbound email messages, which would appear to suggest that workers sending rude jokes or pornographic material is less of a concern than the potential flight of valuable intellectual property or company secrets.

Almost three quarters of large corporations referred to outbound email risk mitigation as “important” or “very important” over the next 12 months. In heavily regulated sectors such as financial services and insurance, this figure rises to 95pc.

More than 92pc of respondents indicated that it was “important” or “very important” to have outbound messaging compliance technology integrated with inbound anti-spam and antivirus software.

By Gordon Smith