Skyrocketing volumes are turning e-mail from an indispensable communications tool into a double-edged sword with the power to cut business efficiency off at the knees. According to a recent report from the Framingham, MA-based advisory group IDC, the volume of e-mail sent annually worldwide exceeded one billion gigabytes for the first time last year. In more comprehensible terms, the average number of e-mails MessageLabs scans globally on behalf of 9,000 organizations now stands at 70 million per day.
This explosion in traffic is presenting new and significant headaches for businesses as e-mail bandwidth, storage and security concerns become more difficult and risky to manage.
Making matters worse are new regulations introduced in the United States and abroad after company executives failed to follow financial reporting and disclosure rules. The backlash from these high-profile scandals, which involved numerous Fortune 500 companies, prompted new corporate compliance laws, such as Sarbanes-Oxley here in the United States. Audits will be conducted to ensure compliance with regulations and companies suspected of regulatory failures will be subject to investigations, fines, and, most troubling of all, civil or criminal charges.
Equally important, they have dramatic implications for the treatment of written and electronic communications. Massive amounts of corporate information are communicated and exchanged via e-mail every day and while those communications may be viewed as virtual-and as a result less consequential or tangible than traditional communications-they in fact need to be considered as permanent and indelible as other "hard" or written communication.
For example, Sarbanes-Oxley, which affects many areas of corporate governance and accounting, specifically outlines expectations for the management, retention and deletion of business records, which in today's environment includes e-mail since many agreements, contracts and approvals are handled via e-mail.
Those who may still have doubts regarding the importance of treating e-mail as any other "hard" communication only have to look at the December 2002 rulings that the New York Stock Exchange, the Securities and Exchange Commission and the NASD handed down after President Bush signed the Sarbanes-Oxley Act into law. Those rulings levied fines of $1.6 million against five U.S. companies for violating e-mail record-keeping requirements.
In the case of Sarbanes-Oxley, the requirements to maintain and certify adequate internal controls fall directly on the senior executives of a public company. False certifications, either through intention or malfeasance, can result in million dollar fines and 10-year prison terms.
There is a growing consensus that meeting the test of adequate internal controls in Sarbanes-Oxley requires a robust approach to e-mail archiving. Effective e-mail filtering can help ensure efficient spending on archiving by removing a large percentage of unwanted or spam e-mails from incoming traffic, thereby reducing their impact and the volume of information requiring processing and storage. In addition, when e-mail filtering and protection is gained through a managed service, automatic e-mail backup and archiving is included, along with important Internet-level protections that organizations of any size and industry can find beneficial.
While archiving e-mail is important for compliance reasons, it also has value for legal reasons as well. As noted earlier, increasing numbers of business contracts, agreements, work approvals and other important documents are being handled electronically.
As people increasingly send and receive e-mail using multiple devices, with copies of any message potentially able to reach anyone with on-line access anywhere in the world, the potential for information to fall into the wrong hands is a very real risk.
It is not just customer information that must be considered. In order to comply with the regulations, businesses must take appropriate measures to mitigate the risk of disclosing all valuable or sensitive organizational data.
Fortunately, comprehensive e-mail management and security solutions can play a vital role in helping companies meet regulatory requirements and protect against legal actions. As a basic rule, companies are advised to make sure they seek proper protection from viruses and other malicious content, especially given the sophistication and malevolence of the new breed of converged viruses that have lately received significant media coverage. Proactive scanning at the Internet level can foster a safer working environment and offer protection against related internal security breaches and the possibility of mass mailing sensitive and confidential information.
Alex Shipp is a Senior Anti-Virus Technologist at MessageLabs
