By Mike Palman, Managing Director, Green Plane Solutions
With so many high profile court cases around today, is it any wonder that many people incriminate themselves unintentionally? We now live in a truly digital world where internal systems are often highly intelligent and routinely record your history. We all leave a digital breadcrumb trail that can be tracked, traced and monitored.
Email archiving has become a hugely useful system when analysing what people did, when they did it, who they included and exactly what the content of the mail was. It can help with compliance issues and reduce lengthy back up times. But many people still do not realise that removing or deleting messages or history from their PC or device will not save them if any analysis is subsequently undertaken. When auditors start to dig, they will find the emails with attachments (documents) and will be able to see an audited digital trail. Think about it – all email messages are date and time stamped according to the settings on your computer and these do not lie.
Although some organisations are struggling to keep on top of their staff’s ability to create digital content creation, most have powerful search engines that make light work of trawling enormous volumes of data and or documents and can therefore easily find incriminating evidence. For example, if you are a member of Google, they will regularly provide you with free analytics of where you have been, what you have searched and who you have sent emails to. So what lessons can be learnt?
When you create emails/documents, as a user you should:
- Be careful who you send emails to – if and when required, people will find out
- Be careful about including attachments – so often people forget that there are solid archiving and retrieval software already in place
- Remember audit trails – every email sent has an audit trail and audit trails don’t lie
- Be aware that local deletion won’t make any difference – a copy has already been archived in most cases
- Think about content of documents, emails and text – many companies have the ability to search for keywords and will e-discover your content quite easily.
As a company, you should:
- Ensure your backup systems are capable of doing their job properly
- Ensure you have an enterprise search engine
- Provide staff with the facts that their incoming/outgoing mail will be monitored. It is legal for companies to monitor staff email, but you have to let people know in advance. Most companies already have a written email policy, but to ensure good practice, this should form part of their induction and on-boarding process. Any changes to internal policy also needs to be issued and communicated to staff as soon as the decision has been made and before changes have been undertaken. See here for more information on this: http://www.adviceguide.org.uk/england/work_e/work_rights_at_work_e/monitoring_at_work.htm
- Monitor sensitive information and ensure that you use encryption. Most modern email archiving solutions have encryption, however third party software is also available as an additional security layer. One well known company has found that 35% of companies do not encrypt (and should) – however that does also mean that 65% of companies do encrypt, which is encouraging.
- Don’t forget to review your security regularly
One additional note is that often – as individuals or companies – we have the option of encrypting (using Secure Sockets Layer or SSL) when setting up email (depending on your ISP provider). SSL and the more recent Transport Layer Security (TLS) are cryptographic protocols which are designed to provide communication security over the Internet. It’s also worth looking at the HTTP messages. If they have a ‘S’ after the HTTP(S), then they are Hypertext Transfer Protocol Secure and will be more secure. HTTPS is now widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.
So as long as you are sensible and do not do anything outrageous, then everything should be fine; however be aware that Big Brother is watching you and will continue to watch you. Things you should expect to be seen by others include documents, mails and texts, your internet habits and potentially for some, phone calls. Oh yes and be concerned if you are sending, creating or receiving inappropriate content! That really is asking for trouble.