The dangers of dodgy emails

Recent reports have highlighted the problems that organisations face if their staff misuse email.

The UK government discovered the danger when an email was leaked over the "burying" of bad news by ex-adviser Jo Moore and, according to a survey from internet filtering firm SurfControl, nearly 30 per cent of staff in the UK have admitted to sending sexist, racist, pornographic or discriminatory emails at work.

Aside from problems concerning the transmission of sensitive or offensive material, the quantity of personal emails sent may itself be a problem.

Stuart Morrice, managing director of internet and email security firm Peapod, said that according to its recent research, on average 55 per cent of emails flowing through firms are unrelated to the business, leading to higher bandwidth costs and lower productivity.

Personal emails are also more likely to leave firms vulnerable to legal action. "This type of mail could be sexist, racist, defamatory or contain pornographic material," said Morrice.

Material evidence

If emails do contain this kind of material they may be used in evidence against companies, for example in sexual harassment cases where an employee is offended by a pornographic image sent through a corporate email account.

Companies are increasingly aware of the potential difficulties of allowing staff to use corporate email for personal or confidential communications.

Car manufacturer Ford recently offered a two-week amnesty to allow staff to delete any offensive material held on their machines with help from the IT department.

Other firms, such as the insurer Royal & Sun Alliance and mobile phone operator Orange, have decided on harsher action, suspending employees involved in the distribution of offensive email.

Email misuse is now a big enough problem to attract attention outside the IT department, according to Jos White, founder and marketing director at email filtering company MessageLabs.

"At a board level there are concerns with productivity and legal implications," he said. "Within human resources there are concerns with staff [not] following company policies and again with the legal implications.

"Within the marketing department there are worries over the company's brand and reputation, especially if a problem attracts publicity."

But, although awareness of the dangers is growing, recent figures on employee misuse of email show that companies must do more to protect themselves.

Written codes

Many are creating written codes to achieve this, or updating existing policies to specify the types of communication which are prohibited. Such policies can be used to educate employees on proper email use, and will then give companies some protection against legal liabilities.

"The policy is the first step in ensuring that email will not compromise business operations in any way, and is used productively and in the best interests of the company," said White.

A major concern is that some employees still ignore or are unaware of the possible repercussions of using email as a tool for sending personal, sensitive or offensive material.

Staff tend to think they will not get caught, according to Dave Brunswick, European director of technical services at security content management firm Tumbleweed.

Legal compliance

He explained that written policies should always be supported by electronic measures, such as monitoring, to ensure that employees follow guidelines. Staff must be made aware of these policies and told whether email will be monitored, to ensure compliance with the Data Protection Act.

Brunswick emphasised that companies should be constantly vigilant about tracking and monitoring emails as well as educating employees. When prohibitions are firmly established in corporate policies, employees must be disciplined if they break the rules.

"Ultimately, if people are abusing the system, they should rightly be pulled up on it," he concluded.