Email Risk Management

What is at risk?

Emails are now the principal communication method between organisations as well as within them.  Yet they are rarely treated with the same respect as a letter or other formal document.  And that lack of respect extends to the safekeeping of emails with their original contents (both in the body and via attachments).

However, emails are considered as much Electronically Stored Information (ESI) as are Microsoft Word documents or Excel spreadsheets.  This is especially true of legal discovery under the US Federal Rules of Civil Procedure (FRCP).

The true risk of not understanding a) what has been communicated via email (inbound and outbound), b) where the original copies of those emails are presently kept and c) who should/shouldn't be using email to communicate about certain subjects, is unimaginably large.  Imagine a scenario in which one company is preparing to acquire another and an email is inadvertently sent to a third party.  Or internal emails discussing possible lay-offs in the workforce accidentally arriving in the union organiser's inbox ... the consequences of either situation could be catastrophic!

The benefits of taking action

Protecting your organisation from email leakage and inappropriate usage is more good business sense than big brother in action.  Taking a managed approach to email analytics and risk mitigation, using modern screening technology, allows the normal (valid) day-to-day email traffic to continue as usual.  However, exceptions are flagged by the system and held until an approved person clears them for sending or withdrawal.

Whilst this can add some delay to the 'suspect' emails being delivered, it offers the organisation full visibility of communication within sensitive areas of the business.  And this could be the difference between a successful business acquisition and very public 'egg on face'.

Eliminating email-related risk

d2OPS international will work with your senior management team to define the phrase-based keyword lexicon that email screening software requires.  Email screening software uses the same fuzzy-logic techniques as spam filtering software to scan inbound and outbound emails (and their attachments), looking for key indicators that exceed pre-defined thresholds of acceptability.  Flagged emails are held before delivery and offered to approved members of staff for human validation or deletion.

Once the lexicon is established, d2OPS international can help you decide which scanning software to use as well as help implement the workflow that drives the exception handling.  We can also help audit the use of email throughout current business processes, looking for weaknesses as well as opportunities for efficiency improvements without increasing risk.  We will pay particular attention to mobile workers and home workers who might be using email on the company's behalf but are outside of traditional IT security systems.

 

© d2OPS international | all rights reserved | +44 (0)1628 400609 | +1 415 946 8886