Large firms monitor staff e-mail

Nearly half of large companies employ staff to monitor and read outbound e-mail for fear that staff are leaking confidential or...

Nearly half of large companies employ staff to monitor and read outbound e-mail for fear that staff are leaking confidential or embarrassing material.

According to the survey by Forrester Research, the trend is also on the up. However, legal experts warn that the urge to keep an eye on e-mail could lead to its own legal and security problems.

Based on interviews with 140 senior staff at North American corporations, the survey suggested that companies are overwhelmingly concerned about the dangers posed by uncontrolled outbound e-mail, but are not satisfied with automatic scanning tools.

Fifty-two percent of all companies, large and small, said they monitored external e-mail with tools included in anti-spam software, and smaller proportions said they used other kinds of automated tools, such as software for watching instant messages and web-based e-mail.

Even so, a human element was seen as necessary - 43.6% of companies with more than 20,000 employees had staff for reading outbound e-mail, or an average of more than 30% of companies of all sizes. On top of this, one in three companies said they conducted regular audits of outbound e-mail content, rising to 38% for large companies.

The reason for all this effort appears clear - nearly 75% of large companies said dealing with the financial and legal risks of outbound e-mail was an "important" or "very important" priority in the next 12 months.

Confidential memo leaks topped the list of biggest e-mail concerns, with 75.7% saying they were "concerned" or "very concerned" about them, followed by intellectual property and trade secrets with 71.4%, and such areas as privacy regulations, inappropriate content and attachments and financial disclosure, all with about 64%.

The proportion of companies employing staff to monitor e-mail varied by sector - the highest was the business services, transportation and logistics, construction and engineering sector, with 45.5%; the lowest was goods manufacturing, with 22.2%.

Among companies conducting regular e-mail audits, the highest proportion was in the finance and insurance sector at 44.4%; only 24.4% of companies in goods manufacturing said they conducted audits.

Overall, 9.3% of the companies without e-mail monitoring staff said they intended to add it, with the figure rising to 12.8% for large companies.

The survey, which was funded by a company that makes automated e-mail monitoring tools, is designed to highlight the extra expense of e-mail monitoring by staff instead of software and as such is silent on what exactly these employees are doing.

For the survey's purposes, a member of staff could have e-mail monitoring as part of his or her job description without spending a great deal of time on it. The 52% of companies that use e-mail monitoring tools included in anti-spam software may simply have a member of staff who spends a portion of his or her time keeping an eye on the tool.

What is clear from the results, more than half of which come from directors or managers of IT, is that companies see outbound e-mail as a legal and financial risk, and feel they need some mechanism in place to control it. In the UK, however, privacy regulations may make this a dangerous path to take, not to mention the security risk, according to a legal analyst.

"It is essential that those who have access to other people's e-mails are properly trained to understand their responsibilities to ensure confidentiality and security. If employees fail to do so, the employer may fall foul of the Data Protection Act among other legal requirements," said Rosemary Jay, a data protection specialist with law firm Masons, in a bulletin on the survey.

Human e-mail monitoring also raises a security risk, since individuals are often the weakest link in the security chain, Jay said. "It raises the question of who guards the guardians."

Matthew Broersma writes for IDG News Service

Read more on PC hardware