E-mails also represent a threat to the information security of the company because e-mail is one of the main channels of data leaks. In fact, e-mails were traditionally used as the channel of the data leaks because this is a very convenient and easy way to share information. As a result, rivals or other intruders can obtain sensitive information about the company or its customers using e-mails. In fact, using e-mails as channel of information breaches may vary from the routine use of e-mail for receiving sensitive information from an employee of the company to the interception of e-mails send by the company to its business partners or customers or vice versa, sand by business partners or customers of the company to Star SEO.
Employees can send e-mails with sensitive information to third parties or uncover sensitive information to customers, business partners or colleagues, who may misuse the information. In such a way, intentionally or not employees may be involved in information breaches. Therefore, they should receive the proper training to use e-mails safely. In addition, the company should minimize the use of e-mail for personal communication of employees. In this respect, it is worth mentioning the fact that often employees use e-mail for their personal communication with their family members, friends, and other people. However, such communication may lead to the data leaks, although employee may even fail to notice it.
Therefore, e-mails should be under the strict control of the company. The control of the company over e-mails should include the ban of using e-mail for personal communication. The control officer should monitor e-mails of employees of the company. If the control officer identifies the employee, who sends e-mails to a third party, which is neither an employee of the company, nor a business partner, nor a customer of the company, then such employee should be included into the risk group and stay under a strict supervision of the control officer. Potentially, the company can ban all e-mails to third parties.
On the other hand, e-mail may be a channel of the distribution of viruses and malware, which employees can fail to notice, if they do not have training in this field. In this regard, the company should conduct the basic training of employees to teach them how to identify potentially dangerous e-mails and what to do with such e-mails (Viardot, 2001). In addition, employees should report to the control officer all cases of the reception of suspicious e-mails, while the IT department of the company could conduct the in-depth investigation of each case to identify the threat, if there is any, and to undertake steps toward its further prevention.
Therefore, the company should undertake such steps as insiders’ tricks recognition, user identification, tracking employees’ mood, creating employees’ risk groups and activities tracking, internal investigations. The identification of employees, who may misuse e-mails and their inclusion in the risk group will secure the information within the company. The regular tracking of suspicious activities will help the company to identify potential threats and eliminate them, if necessary.
Prevention of spreading sensitive data forums, weblogs, and social networks
Today, weblogs, forums and social networks are extremely popular. At the same time, employees of the company may underestimate the threat of weblogs, forums and social networks for the information security. The growing popularity of social networks, blogs and forums opens larger opportunities for their use as channels for the data leaks. On the other hand, employees of the company may not always be aware of effects of using weblogs, forums and social networks in regard to the information security of the company. In fact, they may commit information breaches even being absolutely unaware of them.
Information breaches may occur, when sensitive information appears in blogs, forums or social networks. Often employees may be not fully aware that the commit an information breach. For instance, they may share their experience with users of a social network or in their personal blogs. At first glance, employees may think they are doing nothing wrong as they are using blogs, forums or social networks. However, what they perceive as a mere chat with virtual community members may become an act of information breach. Employees may just underestimate consequences of their using social networks, blogs or forums, which may be monitored by rivals of Star SEO, for instance, and the important, sensitive information about the company or its clients may be collected by rivals.