Monitoring of Workers Email Jumps by The Associated Press

June 13, 2007 / in News / by RPost

Monitoring of Workers Email Jumps Says The Associated Press

Jane Terry has done more than her fair share of email policing.

As president of Santa Ana, Calif.-based manufacturer Ajax Boiler Inc., Terry has on two occasions caught employees breaching network security. While testing a new company software system, she stumbled upon a staff member bringing a rival’s proprietary information into Ajax’s system. Terry spent $6,000 fixing that problem, and hundreds more when a senior manager at the 100-employee company hacked into the network of a former employer, with whom he was involved in a lawsuit.

“We found him reading the HR manager’s email,” said Terry. “He was involved in a lawsuit and was probably looking for information on it. It was unbelievable.”

Both staff members would have escaped notice if it weren’t for a recent upgrade to Ajax’s security software. The product, made by Vero Beach, Fla. -based SpectorSoft Corp., essentially records everything employees do on their computers including Web sites they have visited, time spent looking at a site, emails they have sent, and more.

The greatest risk to company security now comes from within, security analysts say. In the past, the threat has been mostly from spammers and hackers. Employers are increasingly relying on advanced software to protect their systems against the new threats.

The market for such security systems is predicted to grow to $2.8 billion by 2010 from $919 million in 2005, according to research firm IDC.

As monitoring technology becomes increasingly sophisticated and widespread, some argue that employers should respect their workers’ privacy.

“Businesses have their concerns, and they’re legitimate,” said Jeremy Gruber, legal director at the Princeton, N.J.-based National Workrights Institute. “But what we need is regulation. We need to see companies balance their concerns with their employees’ privacy.”

Even well-meaning employees can cause data-security problems. According to the Privacy Rights Clearinghouse in San Diego, earlier this year the personal information of 302 households — including names, addresses, birthdays and family income ranges — were posted on a public Internet site several times over a five-month period when employees at the U.S. Census Bureau tested new software while working from home.

Employees breaching another company’s network — as in Terry’s case — also put businesses on the defensive.

“Monitoring is becoming more prevalent now than it has been,” said Gartner analyst Peter Firstbrook, adding that both the insider threat and compliance issues are driving the growth. “People sending things to themselves or stealing intellectual property is a real concern.”

That’s why analysts say that it is important for businesses to keep up with what’s new and pick technology that can monitor, filter, block access to inappropriate Web sites and purge emails and instant messaging systems.

“You want to monitor your existing technology, but you need to stay up on what’s new — especially if you have a young work force,” said Nancy Flynn, executive director of the ePolicy Institute.

Redwood City, Calif.-based software supplier Clearswift, with about $50 million in revenue a year, sells products that monitor email and Internet connections. Some applications can detect credit card and Social Security numbers in an email message, a spreadsheet or an attached Word document; others limit accessibility of certain documents to a specific number or group of people.

“We can help stop the outbound threat,” said Alyn Hockey, director of product management at Clearswift’s other headquarters in Reading Berkshire, England. “The real key thing about our product is that we can actually create policy rules that let people do their job without making security an inhibitor. We can encrypt mail according to policy and have different roles and responsibilities for managing the system, such as line of business managers and compliance officers.”

San Diego-based Websense Inc., with $179 million in annual revenue, has a leak-prevention suite of software that discovers, monitors and prevents sensitive data from leaking out of the organization, either accidentally or maliciously, through common platforms, including email, instant messages, Web mail and network printers.

Washington D.C. RPost provides a service sponsored by 15 bar associations nationwide that gives legal proof that a message was received and also provides proof of the contents of the message, including attachments. As an email message is sent from one user to another, RPost provides the sender with a Registered Receipt™ confirming delivery status and original content sent in the email.

After a recipient reads an email, an “Open Receipt” is returned to the sender, indicating at what time the message was opened. This protects the company from litigation because the receipts legally document the content and reception of each message, casting aside doubts about who is sending and receiving what important or sensitive information, and when.

“It’s for correspondence of consequence that the service increases accountability by alerting the receiver that the sender knows that they got the email,” said RPost CEO Zafar Khan.