SMB Messaging Focus - Sponsored by Alt-N

Subscription Options

Subscribe Newswire

Widgets & RSS Feeds

The need for organizations to retain emails will continue in 2012, regardless of business size. On the heels of December news that Citigroup agreed to a $750,000 (USD) civil fine for not retaining millions of emails, it is a sober reminder that losing email is not an option for regulated industries. While Citigroup should receive some kudos for self-reporting its loss (which occurred during an upgrade of its email archiving system between October 2008 and December 2009) the Financial Industry Regulatory Authority (FINRA) still determined the incident to be inexcusable.

I recently heard that Atos, one of Europe’s largest technology companies, plans to phase out email between colleagues over the next three years. The company’s more than 75,000 employees will be required to communicate with each other via instant messaging and a Facebook-style interface instead. This is the first I have heard of such a policy, but I doubt that 2012 will see a lot of this type of action. The company hopes this plan will increase productivity because the volume of email, which the company estimates to be up to 20 hours worth of worktime, is reportedly not translating to useful time spent. Of course email from outside the company will still be floating around. The idea is being met with both criticism and accolades.

“The goal of reducing the amount of data that is fast polluting our working environments and also encroaching into our personal lives is noble,” comments Nick Mehta, CEO of LiveOffice, a cloud-based email archiving company. “However, the idea of moving to a new communication mechanism is simply shifting the problem. The problem is that there is too much information and too much communication. This data explosion will follow you to whatever communication media you use.”

I have to agree with Mehta. Email is not going away. In fact, a new study published by Return Path, Inc. makes the point that while desktop and webmail use might be decreasing, a top (and increasing) use of smartphones is access to email. The study takes a look at the impact mobile is having on email viewing. (Note that webmail might have decreased by 11% according to the study, but it was still found to be the dominant platform (44%) for email access.)

In the study, Return Path researchers make this prediction: “Email is an important business tool, so some combination of desktop and webmail use is likely to remain dominant well into 2012. But the number of people who opt for smartphones increases each quarter, meaning email viewership on these devices will continue to grow. Add in the iPad and we predict that mobile viewership number will tick up by a measurable amount by the end of 2012.”

With email use firmly in play, the need to archive continues,no matter where it is accessed. As if to punctuate the news of Citigroup, Osterman Research and ArcMail just published a timely report called “The Critical Importance of Archiving in the Financial Services Industry.” (The paper is offered at no cost if you register with ArcMail.) It is filled with valuable takeaways for financial services firms as well as organizations in other markets, and provides three key steps that businesses can take to address compliance and retention obligations:

1. Every company, regardless of its size, must develop policies focused on the retention of its business records.
2. It is critical to deploy archiving technology that can satisfy content retention policies for email messages and their attachments, as well as potentially other types of content such as files, social media posts, instant messaging conversations and other data.
3. Choose an archiving system that can integrate with and satisfy other organizational requirements, such as making content available in a format that will satisfy regulators, external legal counsel and others.

Osterman notes early in the paper that “Some financial services firms do not archive their email and other electronic content because of their misperception that it is less expensive to pay the fines associated with non-compliance. That said, it is difficult to ascertain exactly how many firms fail to meet their retention obligations because few decision makers are willing to admit publicly that they are making a conscious decision to violate federal and other requirements for preservation of content. However, given the financial meltdown that began in late 2008, we can surmise with almost absolute certainty that government and industry oversight of the financial services sector in the context of data retention will become more stringent and more difficult over the next several years, and that archiving systems will play an even more important role in helping financial services firms to comply with their regulatory and legal obligations.”

The paper offers a list of current compliance requirements and steps to address compliance.

“The question facing financial services firms today is no longer whether to retain data, but how much to retain and how to go about getting the job done right,” says Rory Welch, CEO of ArcMail.

Although Welch is focusing on the financial services industry, others can benefit from best practices and adopt what makes the most sense for their industry types. With many compliance rules pertaining to data about employee and customers, most all businesses have some component of the need to retain email.

One thing we know for sure about 2012, email is not going away. Despite attempts like the one being planned by Atos. Like many, Mehta believes, “Previous attempts to move off of email (IM, Google Wave, etc.) have by and large been failures. The problem is the work culture—not the communication system.” However it turns out, it will be an interesting case study to follow.

Whether it is email, IM, or social media, data retention is indeed a challenge, due in large part to the sheer volume that passes through each messaging technology and the variety available. But a constant among all of it is the need to manage the medium regardless of type and find a reliable archiving technology that works for you.

Subscription Options

Subscribe Newswire

Widgets & RSS Feeds

Last week the U.S. House of Representatives Committee on the Judiciary postponed the mark up of H.R. 1981 a bill that could require a broad range of entities to store for 18-months IP addresses they assign to their users. According to the Center for Democracy and Technology (CDT), the scope of H.R. 1981 is “vast, covering not only commercial ISPs but also any private companies and non-profits that give their employees Internet access; the bill as drafted could even include home users.”

One of the many opponents to the bill is the Free Market Coalition, that includes the Competitive Enterprise Institute, TechFreedom, and Americans for Tax Reform’s DigitalLiberty.net. The coalition submitted a letter to the committee yesterday stating that it believes “the broad data retention mandate would burden small businesses, hinder innovation, undermine cybersecurity, endanger free speech, harm Americans’ privacy and set a dangerous international precedent—all without appreciably advancing law enforcement objectives or benefiting criminal investigations.”

The bill’s title is Protecting Children from Internet Pornographers Act. The data retention requirement is to assist state and federal law enforcement officials with child pornography and other Internet investigations. Because of the goal of the bill, provisions intended to help prosecutors for the purposes of investigating child pornography, could also be used to prosecute any crime. For law enforcement a standard amount of time for data to be retained is considered an important piece of the bill, however the 18-month timeframe appears to be negotiable. As of today, the amount of time ISPs and others keep IP addresses varies widely, there is no “standard”.

The postponed markup began yesterday.

In her blog Erica Newland of CDT writes, “CDT voiced our strong opposition to data retention in any form and expressed additional, serious concerns about the bill’s expansive scope and confusing language. A proposed manager’s amendment that will be offered for markup on Wednesday [July 27] fixes some of the worst language in the bill, but it also creates new areas for concern. Even if the proposed amendment is adopted, H.R. 1981 will still create more problems than it will solve.” Newland lists some of those problems in her blog.

One re-occurring concern with storing the required data is data security. As we all know, data breaches this year have been fast, furious and frequent. Newland points out, “Required registration would itself be a privacy violation and a burden on expression, but it would also expose users to a greater risk of identity theft and impose significant costs on establishments now burdened with retaining—and, crucially, securing—such information for a year.”

Data breach legislation is of keen interest in Washington these days. While most every state has its own data breach notification laws, federally there are only limited circumstances in which consumer notification is required. There are at least four bills pending. Once again, CDT has done a good job of comparing the bills.

While there’s significant energy being put into data breach notification laws, it seems we should be looking at how to better collect and secure the data in the first place

As CDT points out in a recent article: “Ideally, legislation addressing data security and data breaches would be incorporated into broader, baseline consumer privacy legislation. If Congress elects to pursue data breach notification independently, however, it should take care not to weaken the notification regime currently in place at the state level.”

At the conclusion of the markup yesterday, some amendments were made including reducing the 18-month retention requirement to one year. Another important change is that the previously exempt wireless providers are now included.

In a statement issued yesterday, Judiciary Committee Chairman Lamar Smith wrote: “H.R. 1981 provides perhaps the narrowest type of data retention possible. The bill does not require the retention of any email or telephone content. It does not require the retention of numerous types of records. It only requires providers to retain a log of the Internet Protocol (IP) addresses they assign to their customers. H.R. 1981 has a singular, narrow focus—identifying a criminal suspect.”

Smith also further clarifies that the bill is directed toward “…only commercial providers, the amendment exempts from the mandate the Internet services, including Wi-Fi, offered by coffee shops, bookstores and hotels.”

The markup for H.R. 1981 is slated to continue through Friday.

Subscription Options

Subscribe Newswire

Widgets & RSS Feeds

This week Osterman Research released its latest survey report that turned the tables on the usual vendor predictions—this time it was a group of his survey panelists that did the predicting. The 190 panelists were made up of mostly IT professionals (84 percent), the rest held non-IT roles. Osterman asked prediction questions on a number of topics from acquisitions to security trends.

The panelists were asked to gaze in their crystal balls regarding Twitter and if Google or Microsoft will acquire the company during 2011.

For Google’s acquisition plans of Twitter, the most popular response was “maybe” with 34 percent. The next most common response was “probably not” at 26 percent and “probably will” closely followed at 21 percent. Only 1 percent went with the “definitely will” and 4 percent went with “definitely not.” The “I have no idea” garnered 15 percent.

For Microsoft’s acquisition plans of Twitter, the most popular response was “probably not” at 45 percent. The next most common response was “maybe” with 27 percent. Only 2 percent selected “probably will” and 12 percent said “definitely not.” The “I have no idea” crowd stayed almost the same at 14 percent and no one thought that Microsoft would definitely acquire Twitter.

When asked about spam, this group felt that it will be more of a problem in 2011 (53 percent) or at the minimum it will be no better (32 percent) than 2010. As for malware, the vast majority of respondents (74 percent) thought that malware would be more of a problem in 2011 and 20 percent thought it would be the same.

While the group seemed to expect that spam and malware would be as bad or worse this year, they seemed more optimistic when it came to their own organizations. When asked if their organizations would experience a data breach in 2011 the survey panelists felt fairly confident that their organizations would not, with 62 percent saying “probably not” and just 15 percent saying “maybe.” Fourteen percent gave a very sure “no way’ response.

Similarly, when asked if a major malware/virus/worm outbreak introduced by smartphones, iPads, or other mobile devices is anticipated, 49 percent of this group stated “probably not” and 24 percent gave an optimistic “maybe.”

When it comes to malware and spam, Osterman’s panelist group appears to be good assessors of the market. Experts are saying that 2011 may indeed prove to be a creative year for cybercriminals. The way that 2010 threats evolved makes the expectation of increasing malware not hard to expect. Per Panda Security, in 2010, cyber-criminals created and distributed one-third of all existing viruses, creating 34 percent of all malware that has ever existed and been classified by the company.

As part of its 2010 Annual Report, Panda Security also believes that Mac users will come under new threats and will become an increasing target in 2011 as the market share of the computer continues to grow. The report also points to a continued spotlight on social networks for malware and called 2010 the year of cyber-crime, cyber-war and cyber-activism.

All of this points to the continuing need for organizations to be as vigilant in 2011 as they were last year.

Subscription Options

Subscribe Newswire

Widgets & RSS Feeds

In the last installment of the Messaging News Small Business Dispatch, I noted that many online scams rely on brand names to add legitimacy to the nefarious requests for credit card numbers, bank details, passwords and to plant malware. The need to monitor site traffic as a Web security tactic grows as this kind of activity continues. Organizations of all sizes are using Web monitoring and Web filtering solutions, including 69.9 percent of small and medium-sized enterprises (SMEs), according to a new survey by GFI Software. GFI reports that SMEs use the technology “to block offensive sites, stop malware infections from downloaded files and to prevent malware attacks from drive-by downloads.” The GFI survey respondents were either IT management or IT staff working in network management and administration. Only 8.9 percent had over 500 employees.

Employees, Social Networking, and Cyberslacking

“Cyberslacking.” Sounds fun doesn’t it? No doubt it is, but not necessarily desirable when you are paying employees for a work product. But blocking social media is not really possible anymore, especially as businesses continue to seek ways to use the medium as part of a business strategy. In fact, GFI notes that the most valuable brands in the world are experiencing a direct correlation between top financial performance and deep social media engagement. If it needs to be open for business, how do you close it off for personal employee use? The simple answer is, most companies don’t. In GFI’s survey of SMEs, respondents were asked if employees were allowed to surf the Internet for personal reasons during breaks. Eighty-five percent said yes, however, all used Web filtering to restrict what employees can view and access.

This restriction is well founded, not only to prevent cyberslackers from whiling away the hours, but also to keep threats at bay. In its Q3 2010 Internet Threat Trend Report, out this week, Commtouch Labs shows that hyperlinked malware and HTML attachments saw a “significant increase” as attachments either “displayed phishing pages or redirected users to sites hosting malware or spam.” Unsuspecting users can easily be fooled by these very sophisticated ploys.

Acceptable Use Policy Guidelines

GFI notes that: “While organizations are happy to allow employees to access the Internet for personal reasons, they are not giving them access to sites that are known to contribute most to loss in productivity / cyberslacking and those sites that are bandwidth-hungry. It also may be the case that organizations are only allowing access at certain times of the day, for example, during employees’ lunch break or after hours. Blogs and news sites are the categories of Websites blocked the least by respondents to the survey.”

Commtouch Labs reports that during the third quarter of 2010, the Web sites most likely to be compromised with malware continue to be pornographic sites—parked domains, business, computers & technology, and education round out the top five. For phishing threats, the top five are games, sex education, shopping, travel and computers & technology.

The use of Web monitoring is gaining acceptance among employees. Of those in the GFI survey, 92.5 percent inform their employees that online activity inside the organization may be monitored. Along with notifying employees of the policy, management should also work to educate employees on the “why” and learn about the potential risks they may bring into their company.