Acceptable Use Policy: Diminish Your Business Risks Sponsored by:
Nancy Flynn Executive Director The ePolicy Institute Lee Rothman Security Engineer Symantec Hosted Services
Potentially Costly & Protracted Business Risks <ul><ul><li>Regulatory audits & fines. </li></ul></ul><ul><ul><li>Security ...
#1 Business Risk: Workplace Lawsuits
Best Practice:  Use Policy to Manage Legal Risks <ul><ul><li>Vicarious Liability  </li></ul></ul><ul><ul><li>Workplace ema...
  Amended Federal Rules of Civil Procedure Email & ESI Create Electronic DNA Evidence  <ul><ul><li>“ Electronically stored...
Best Practice:  Focus on Content, Not Technology <ul><ul><li>Email  </li></ul></ul><ul><ul><li>IM & Text Messages </li></u...
Welcome to the  New  Sexual Harassment <ul><li>Email & web content can trigger sexual harassment & hostile work environmen...
Best Practice:  Enforce Personal Use Rules <ul><li>Company email </li></ul><ul><li>Company cell phones </li></ul><ul><li>P...
“ Sexual harassment isn’t about being  chased around the desk anymore.”   — Newsweek <ul><li>Hooters waitress files sexual...
Online Venting Leads to Defamation Claims <ul><li>Email & social media content can trigger defamation claims and serve as ...
Defamatory Online Comments: Click  to Destroy Reputations, Careers & Companies <ul><li>Daniel Duran, head of nonprofit US ...
Content Can Trigger Costly PR Nightmares <ul><li>Online content can create avalanche of negative publicity. Recovery is no...
Content Can Create Costly Compliance Disasters <ul><li>Online content can put confidential company, customer, patient data...
Best Practice:  Enforce Clear &  Specific  Content Rules <ul><ul><li>No Harassment or Discrimination Based On:  </li></ul>...
Best Practice: No  Funny Business  Online <ul><ul><li>No   rumors or gossip about company, customers, competitors, employe...
Best Practice: Support Content Rules & AUP with Training  <ul><ul><li>Full-Time Employees </li></ul></ul><ul><ul><li>Part-...
Best Practice:  Support Policy with Content Control Technology <ul><ul><li>Email Monitoring:  Internal & External </li></u...
Best Practice: Exercise Your Legal Right to Monitor <ul><li>Electronic Communications Privacy Act (ECPA). </li></ul><ul><l...
Monitoring Rights & Privacy Realities <ul><li>First Amendment  only  restricts government control of speech. </li></ul><ul...
Best Practice: Support AUP with Content Monitoring & Blocking <ul><li>43%  monitor email. </li></ul><ul><li>96%  monitor  ...
“ You Have No Reasonable Expectation of Privacy ” <ul><li>Notify employees of monitoring  71% </li></ul><ul><li>Employee h...
Porn Pummels Productivity …and Public Image! <ul><li>2010:  SEC lawyer, employees, contractors caught surfing porn on the ...
Best Practice: Combat Content Risks with URL Blocks <ul><li>65%  employers in 2007 vs.  38%  in 2001. </li></ul><ul><li>Se...
Acceptable Use Policy: Best Practices to Minimize Risks <ul><li>Establish comprehensive, written rules and policies addres...
Acceptable Use Policy: Best Practices to Minimize Risks <ul><li>Provide clear guidance on what is—and is not—appropriate b...
Acceptable Use Policy: Best Practices to Minimize Risks <ul><li>Stress the fact that policy compliance is 100% mandatory—d...
Acceptable Use Policy: Best Practices to Minimize Risks <ul><li>Establish netiquette guidelines to help ensure civil busin...
Acceptable Use Policy: Best Practices to Minimize Risks <ul><li>Review and update AUPs & employment policies annually. </l...
Symantec Hosted Services & Acceptable Usage Policies
We help solve the Top Challenges of Messaging Security  EMAIL-BORNE THREATS CONTINUE TO EVOLVE Symantec State of Spam Repo...
Control Challenges * Ponemon Institute, 2009 Sensitive Data is Leaving the Enterprise <ul><li>Over 88% of all data loss ca...
Risk of Data Loss <ul><li>Data Loss Can Result In: </li></ul><ul><li>Regulatory fines </li></ul><ul><li>Litigation </li></...
How our service works… MessageLabs Email Content Control  <ul><li>Key Features: </li></ul><ul><li>Highly flexible, intuiti...
How our service works… MessageLabs Email Image Control <ul><li>Key Features: </li></ul><ul><li>Configurable,  highly accur...
Business Benefits of our Services Email Image Control and Content Control <ul><li>Increase User and IT Productivity  </li>...
Cloud computing vs. SaaS Where do we fit in?
General Benefits of SaaS Lower Total Cost of Ownership  (TCO)  Simplified Management  Shorter Deployment Time Seamless I...
Symantec does it better Highest SLA Performance backed by  Cash-Back Remediation  Best SaaS Support: 24x7X365 95% satisfa...
Next Steps <ul><li>Begin a free trial of MessageLabs Email Security services </li></ul><ul><li>See a demo </li></ul><ul><l...
 
The ePolicy Institute™ www.epolicyinstitute.com  [email_address] <ul><li>Contact us </li></ul><ul><ul><li>Seminars & Webin...
Upcoming SlideShare
Loading in …5
×

Acceptable use policy webcast slides

1,169 views
1,047 views

Published on

Employers can be held responsible for wrongful acts committed by employees in the course of their employment: the principle of vicarious liability. After the June 2010 Supreme Court Ruling, this principle has increased in importance and has given the legitimate, work-related rationales for auditing, archiving, or reviewing employee communications and creating the expectation of privacy as not equivalent to an absolute right to privacy. With such a monumental ruling and privacy rights being called into question, it's important to review acceptable use policies and your business risks to determine the best next steps for your organization.

View this on-demand webcast to learn clear steps your organization should be taking to mitigate the risks of uncontrolled employee email and Web use. Aside from the obvious risk of reduced productivity and wasted IT resources, from an employee who spends significant periods of the day engaged in personal email or Web use, other risks include harassment, defamation and the loss of intellectual property, contract information and confidentiality.

View recording here: http://www.messagelabs.com/resources/events#

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,169
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
20
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide
  • Kelly:
  • The top messaging security challenges facing your organization include: Email-borne Threats Continue to Evolve - From 2001 to 2010, spam volume grew from 8% of all email volume to over 80% of all emails. In fact, many enterprise customers are finding that over 95% of their email traffic is spam. Spammers are getting more sophisticated, and spam blocking is becoming more complicated. Attackers are motivated by financial gain and seek to sell private information in what has become a well organized underground economy. Sensitive Data is Leaving the Enterprise – Data loss can occur across a variety of vectors including email. Most data loss occurs as a result of employee error, but a 2009 Ponemon Institute study revealed that 59% of ex-employees took confidential information with them when they left. Ensuring Compliance with Usage Policies – To minimize legal risk and ensure email can be used as an effective tool for sharing confidential information with key business partners, businesses need effective tools for monitoring behavior and enforcing Acceptable Usage Policies that govern distribution of inappropriate content or mandate encryption. Managing Cost and Complexity – As the threat landscape evolves and businesses undergo changes, the cost of maintaining an effective messaging security environment can increase. Businesses need a solution that is easy to deploy and manage further protecting them and mitigating risks. Today, I’ll focus in on how we enforce usage policies.
  • What are the common challenges that organizations are facing today in the content of email communications? Protecting users (employees) is not only a productivity issue, but also a legal issue in many cases. Organizations need to ensure that email communications of an inappropriate nature do not reach employee inboxes. This means guarding against both email content and images of an offensive or inappropriate nature. Compliance is also a driver for many organizations with steep and mounting fines imposed for failure to protect confidential data from being improperly distributed. Data leakage is a growing issue for many businesses. Proprietary and confidential documents, content and images leaving organizations without authorization or even mistakenly distributed to incorrect recipients can damage company brand and reputation. It can be a costly task to monitor and maintain the filters necessary to ensure these issues are prevented from happening. Often, accuracy can be a moving target with legitimate emails also being blocked by the same rules created to protect company content &amp; operational efficiency.
  • Recent studies have found that confidential data is frequently found in email communications. While the fact that email is used for this is likely not surprising, what is surprising is that most companies are not scanning their email to monitor this data. This leaves organizations at serious risk. Confidential data could result in litigation, regulatory fines, or loss of reputation and business.
  • MessageLabs Email Content Control service identifies and controls confidential or inappropriate content within emails and attachments sent or received by employees. Comprehensive rule-building processes allow you to quickly and easily establish policies and actions for matching email content. The service scans within subject, header and body as well as supported PDF, MS Office &amp; compressed file attachments. Notifications are configurable for each rule and the action type attached to it. A customizable word list threshold allows administrators to establish how many occurrences of keywords or phrases must be present before a rule and action are applied. Our service also provides extended character list recognition to allow for rules and actions to be applied to non-western characters.
  • MessageLabs Email Image Control service scans emails and attachments to identify, control and block inappropriate images entering or leaving your network. Powered by an extremely accurate image scanning engine, the service is particularly suited for the detection of pornographic images. The service is customizable with approved sender and recipient lists to help you accurately prevent or allow users to send and receive images. Signature databases are also customizable to allow administrators to create local databases of images that are proprietary or specific in nature. An additional feature to improve accuracy is the optional global image signature database which is submitted by the MessageLabs client community and maintained by MessageLabs. This allows access to a database of images that are emerging as newly discovered inappropriate images.
  • Using the MessageLabs Image Control and Content Control services allows you to reduce your risks of data loss, sexual harassment, regulatory fines and penalties and loss of reputation or business. Our services can also allow you to lower your costs by increasing employee productivity with more efficient email use. Because our services are hosted, upgrades and hardware/software maintenance are managed by MessageLabs and are included in the subscription cost. Image and Content Control services integrate with our Anti-Virus and Anti-Spam services as well and are easily administered from the same user interface. Our services will allow you to enforce your acceptable use policies and monitor your email and email attachments whether they are inbound or outbound. An additional value MessageLabs delivers is through our aggressive service level agreement.
  • Acceptable use policy webcast slides

    1. 1. Acceptable Use Policy: Diminish Your Business Risks Sponsored by:
    2. 2. Nancy Flynn Executive Director The ePolicy Institute Lee Rothman Security Engineer Symantec Hosted Services
    3. 3. Potentially Costly & Protracted Business Risks <ul><ul><li>Regulatory audits & fines. </li></ul></ul><ul><ul><li>Security breaches. </li></ul></ul><ul><ul><li>Lost productivity. </li></ul></ul><ul><ul><li>Media scrutiny. </li></ul></ul><ul><ul><li>Credibility destroyed. </li></ul></ul><ul><ul><li>Lost customers & revenues. </li></ul></ul><ul><ul><li>Career setbacks. </li></ul></ul><ul><ul><li>PR nightmares. </li></ul></ul><ul><ul><li>Personal & professional humiliation. </li></ul></ul><ul><ul><li>Workplace lawsuits. </li></ul></ul>
    4. 4. #1 Business Risk: Workplace Lawsuits
    5. 5. Best Practice: Use Policy to Manage Legal Risks <ul><ul><li>Vicarious Liability </li></ul></ul><ul><ul><li>Workplace email subpoenaed. 24% </li></ul></ul><ul><ul><li>Battled email-specific lawsuits. 9% </li></ul></ul>Source : 2009 Electronic Business Communication Policies & Procedures Survey, American Management Association & The ePolicy Institute.
    6. 6. Amended Federal Rules of Civil Procedure Email & ESI Create Electronic DNA Evidence <ul><ul><li>“ Electronically stored information” (ESI) is discoverable & may be used as evidence —for or against your company— in litigation. </li></ul></ul><ul><ul><li>Business record email must be preserved, protected & produced during discovery. </li></ul></ul><ul><ul><li>Know—and adhere to—federal discovery rules. Research—and comply with—state discovery rules (where you operate or have customers or patients). </li></ul></ul><ul><ul><li>Content & Retention Policies + Training + Hosted Content Control & Archiving Service = Strategic Risk Management </li></ul></ul>
    7. 7. Best Practice: Focus on Content, Not Technology <ul><ul><li>Email </li></ul></ul><ul><ul><li>IM & Text Messages </li></ul></ul><ul><ul><li>Blogs & Social Media </li></ul></ul><ul><ul><li>Internet & Intranet </li></ul></ul><ul><ul><li>Desktop, Laptop, Blackberry, Smartphone </li></ul></ul><ul><ul><li>Office, Home, Airports, Hotels, Etc. </li></ul></ul><ul><ul><li>Business Equipment & Systems </li></ul></ul><ul><ul><li>Personal Tools & Private Accounts </li></ul></ul><ul><ul><li>Remember, unless a written record is required for legal, regulatory or business reasons, email is not always the best way to communicate. </li></ul></ul>
    8. 8. Welcome to the New Sexual Harassment <ul><li>Email & web content can trigger sexual harassment & hostile work environment claims & provide smoking gun evidence. </li></ul><ul><li>Best Practice: Apply content rules & AUP to email, IM, texting, web, social media, blogs, camera & video phones, other tools. </li></ul><ul><li>Best Practice: Apply content rules & AUP to business & personal, 9-to-5 & after-hours electronic communication. </li></ul><ul><li>Best Practice: Use AUP to ban private accounts & tools at work. </li></ul><ul><li>Best Practice: Use AUP to limit personal use of company system. </li></ul>Symantec Hosted Services Strategy & Vision
    9. 9. Best Practice: Enforce Personal Use Rules <ul><li>Company email </li></ul><ul><li>Company cell phones </li></ul><ul><li>Personal email account </li></ul><ul><li>Personal cell phones </li></ul><ul><li>Personal social media </li></ul><ul><li>Company IM </li></ul><ul><li>Company text </li></ul><ul><li>Personal text </li></ul><ul><li>83% </li></ul><ul><li>62% </li></ul><ul><li>50% </li></ul><ul><li>43% </li></ul><ul><li>43% </li></ul><ul><li>36% </li></ul><ul><li>35% </li></ul><ul><li>33% </li></ul>Symantec Hosted Services Strategy & Vision
    10. 10. “ Sexual harassment isn’t about being chased around the desk anymore.” — Newsweek <ul><li>Hooters waitress files sexual harassment claim vs. Ft. Lauderdale restaurant. Sexting claim based on explicit photos & text messages sent by manager (2010). </li></ul><ul><li>Director of Delaware, OH county jail resigns after using personal cell phone to take & send inappropriate photos to female employee—while on duty and in uniform (2010). </li></ul><ul><li>Lafayette College settles sexual harassment case for $1 million after campus safety officer sends pornographic email to female employees (2010). </li></ul><ul><li>Offensive/pornographic email & web images evidence in class-action hostile work environment claim against public company. Unmanaged content contributes to confidential settlement (2008). </li></ul>Symantec Hosted Services Strategy & Vision
    11. 11. Online Venting Leads to Defamation Claims <ul><li>Email & social media content can trigger defamation claims and serve as smoking gun evidence. </li></ul><ul><li>Best Practice: Apply AUP—including content rules, language do’s & don’ts, netiquette guidelines, code of conduct, ethic guidelines, and specific usage rules—to email, IM, texting, web, social media, blogs, camera & video phones, other tools. </li></ul><ul><li>Best Practice: Inform employees that all electronic policies and all employment rules apply at all times—business & personal, 9-to-5 & after-hours electronic communication. </li></ul><ul><li>Alert Employees: A policy is a policy & compliance is 100% mandatory. </li></ul>Symantec Hosted Services Strategy & Vision
    12. 12. Defamatory Online Comments: Click to Destroy Reputations, Careers & Companies <ul><li>Daniel Duran, head of nonprofit US Soybean Export Council, sidelined by board following email allegations of affair with employee & other leadership shortcomings. Filed defamation suit in MO federal court. Duran granted directed verdict (2010). </li></ul><ul><li>Dr. Eric Henne filed malicious defamation claim against Philadelphia’s Thomas Jefferson University Hospital & 2 docs following distribution of email implying Henne was interfering with physician-patient relationships & engaged in kickback scheme. Confidential settlement reached (2008). </li></ul>Symantec Hosted Services Strategy & Vision
    13. 13. Content Can Trigger Costly PR Nightmares <ul><li>Online content can create avalanche of negative publicity. Recovery is not a given. </li></ul><ul><li>Domino’s Pizza humiliated when prank video became YouTube sensation. Employee stuffed cheese up nose while preparing food. Massive media coverage forced Domino’s to address food prep allegations online & via mainstream media (2009). </li></ul><ul><li>California Pizza Kitchen server Tweeted protest against new uniforms. Fired for Tweeting complaints. Server responded to termination on YouTube, taking personal gripe global (2009). </li></ul><ul><li>Goldman Sachs’ internal email, inc. “Sounds like we will make some serious money.” Lawmakers & public recoil as GS execs brag about profiting from housing market crash—after helping orchestrate market inflation (2010). </li></ul>Symantec Hosted Services Strategy & Vision
    14. 14. Content Can Create Costly Compliance Disasters <ul><li>Online content can put confidential company, customer, patient data at risk of exposure. </li></ul><ul><li>Regulated firms obligated to safeguard customers’ financial data & patients’ EPHR. </li></ul><ul><li>For all organizations, survival depends on the protection of confidential data, inc. IP, trade secrets, R&D, marketing plans, customer lists, personnel data, internal email, etc. </li></ul><ul><li>Thousands of pages of classified docs about Afghan War leaked to WikiLeaks.org on July 25, 2010. Mainstream media worldwide quickly respond by reporting contents. </li></ul>Symantec Hosted Services Strategy & Vision
    15. 15. Best Practice: Enforce Clear & Specific Content Rules <ul><ul><li>No Harassment or Discrimination Based On: </li></ul></ul><ul><ul><ul><li>Sex, Sexual Orientation, Sexual Preference, Race, Color, Religion, National Origin, Age, Disability, Other Status Protected by Law. </li></ul></ul></ul><ul><ul><ul><li>No Disclosure of Confidential Company, Customer, Patient Data </li></ul></ul></ul><ul><ul><ul><li>Rules Apply to Written Text, Photos, Videos, Art of Any Kind </li></ul></ul></ul><ul><ul><li>Adhere to All Company Rules & Policies </li></ul></ul>Symantec Hosted Services Strategy & Vision
    16. 16. Best Practice: No Funny Business Online <ul><ul><li>No rumors or gossip about company, customers, competitors, employees, or 3 rd parties. </li></ul></ul><ul><ul><li>No defamatory comments about anyone—internal or external parties. </li></ul></ul><ul><ul><li>No whining or complaining about the organization, its customers, management, products, services, mission, procedures. </li></ul></ul><ul><ul><li>No external distribution of internal documents including company email, IP, confidential customer/patient data, eyes-only info. </li></ul></ul><ul><ul><li>No transmission, downloading, uploading of “funny,” off-color, or offensive/non-business-related cartoons, videos, photos, files, art. </li></ul></ul><ul><ul><li>No shooting or posting business-related photos or videos without authorization. </li></ul></ul>Symantec Hosted Services Strategy & Vision
    17. 17. Best Practice: Support Content Rules & AUP with Training <ul><ul><li>Full-Time Employees </li></ul></ul><ul><ul><li>Part-Time Workers </li></ul></ul><ul><ul><li>Freelancers & Independent Contractors </li></ul></ul><ul><ul><li>Executives & Professionals </li></ul></ul><ul><ul><li>Supervisors, Staff & Interns </li></ul></ul><ul><ul><li>Board Members & Volunteers </li></ul></ul><ul><ul><li>Train Everyone… From the Summer Intern to the CEO </li></ul></ul>
    18. 18. Best Practice: Support Policy with Content Control Technology <ul><ul><li>Email Monitoring: Internal & External </li></ul></ul><ul><ul><li>Email Content Control </li></ul></ul><ul><ul><li>Web Monitoring </li></ul></ul><ul><ul><li>Web Content Control </li></ul></ul><ul><ul><li>URL Blocking </li></ul></ul>
    19. 19. Best Practice: Exercise Your Legal Right to Monitor <ul><li>Electronic Communications Privacy Act (ECPA). </li></ul><ul><li>Computer system = property of employer. </li></ul><ul><li>Informed users should not consider email, text, tweets, posts, online conversations their own. </li></ul><ul><li>Even if management says online conversations are not monitored, employees should not expect privacy. </li></ul><ul><li>Supreme Court Of The United States: Monitoring trumps privacy on employer-provided text system, June 17, 2010 ( City of Ontario v. Quon ). </li></ul>Symantec Hosted Services Strategy & Vision
    20. 20. Monitoring Rights & Privacy Realities <ul><li>First Amendment only restricts government control of speech. </li></ul><ul><li>Private employers are free to fire at will in employment-at-will states. </li></ul><ul><li>SCOTUS ruling 2009: Even government entities may now fire employees if comments —email, Tweets & posts included — harm mission & function of workplace. </li></ul>Symantec Hosted Services Strategy & Vision
    21. 21. Best Practice: Support AUP with Content Monitoring & Blocking <ul><li>43% monitor email. </li></ul><ul><li>96% monitor external email (incoming & outgoing). </li></ul><ul><li>58% monitor internal email. </li></ul><ul><li>IM is turbocharged email. Texting is mobile email. Monitor both. </li></ul><ul><li>Source: American Management Association/ePolicy Institute 2007 Electronic Monitoring and Surveillance Survey </li></ul>Symantec Hosted Services Strategy & Vision
    22. 22. “ You Have No Reasonable Expectation of Privacy ” <ul><li>Notify employees of monitoring 71% </li></ul><ul><li>Employee handbook 70% </li></ul><ul><li>E-mail notices 40% </li></ul><ul><li>Written notices 35% </li></ul><ul><li>Intranet postings 32% </li></ul><ul><li>Formal onsite training 27% </li></ul><ul><li>Source: 2007 Electronic Monitoring & Surveillance Survey , American Management Association/The ePolicy Institute. </li></ul>Symantec Hosted Services Strategy & Vision
    23. 23. Porn Pummels Productivity …and Public Image! <ul><li>2010: SEC lawyer, employees, contractors caught surfing porn on the job. Over 1,800 attempts to access porn in 17-day span. </li></ul><ul><li>2009: At DC govt agencies, 9 employees each surfed 20,000+ porn sites (200 hits/workday). 1 employee visited 48,000+ porn sites in 12 months. 32 employees = 2-week suspensions to terminations. </li></ul>Symantec Hosted Services Strategy & Vision
    24. 24. Best Practice: Combat Content Risks with URL Blocks <ul><li>65% employers in 2007 vs. 38% in 2001. </li></ul><ul><li>Sexual/romantic/pornographic 96% </li></ul><ul><li>Game sites 61% </li></ul><ul><li>Social networking sites 50% </li></ul><ul><li>Entertainment sites 40% </li></ul><ul><li>Shopping/auction sites 27% </li></ul><ul><li>Sports sites 21% </li></ul><ul><li>External blogs 18% </li></ul><ul><li>Source: 2007 Electronic Monitoring & Surveillance Survey , American Management Association </li></ul><ul><li>and The ePolicy Institute. </li></ul>Symantec Hosted Services Strategy & Vision
    25. 25. Acceptable Use Policy: Best Practices to Minimize Risks <ul><li>Establish comprehensive, written rules and policies addressing employee use of email, the web, and all other electronic business communication tools—old, new & emerging. </li></ul><ul><li>Assign legal to review AUP & ensure that all federal/state laws and industry/government regs are addressed. </li></ul><ul><li>Educate employees about risks & rules, policies & procedures. </li></ul><ul><li>Make clear the fact that the company’s system & tools exist primarily for business purposes. </li></ul>
    26. 26. Acceptable Use Policy: Best Practices to Minimize Risks <ul><li>Provide clear guidance on what is—and is not—appropriate business use & content. </li></ul><ul><li>Establish clear, specific personal use rules. Do not leave personal use policy open to individual interpretation. </li></ul><ul><li>Include overview of harassment/discrimination guidelines & all other employment policies. </li></ul><ul><li>Remind employees that a policy is a policy. </li></ul>
    27. 27. Acceptable Use Policy: Best Practices to Minimize Risks <ul><li>Stress the fact that policy compliance is 100% mandatory—during business hours & at home, on company-provided systems/equipment & on personal tools. </li></ul><ul><li>Review AUP & all employment policies with all employees. </li></ul><ul><li>Do not rely on employee handbook or Intranet alone. Best practices call for formal, onsite training. </li></ul><ul><li>Address ownership issues & privacy expectations. If you monitor, let employees know what you are monitoring, how & why. </li></ul><ul><li>Explain that employees have no reasonable expectation of privacy when using the company system. </li></ul>
    28. 28. Acceptable Use Policy: Best Practices to Minimize Risks <ul><li>Establish netiquette guidelines to help ensure civil business environment. </li></ul><ul><li>Define “electronic business record” for all users. </li></ul><ul><li>Support record retention policy with Hosted Email Archiving Service to ensure your ability to preserve, protect, produce ESI. </li></ul><ul><li>Protect confidential data, customer financials & EPHI with a proven-effective Hosted Encryption and Security Service. </li></ul><ul><li>Apply technology—monitoring, blocking & content control—to help manage people problems. </li></ul>
    29. 29. Acceptable Use Policy: Best Practices to Minimize Risks <ul><li>Review and update AUPs & employment policies annually. </li></ul><ul><li>Require all employees to sign and date Acknowledgement Form following training. </li></ul><ul><li>Notify employees that violation of AUPs or any employment policy may result in disciplinary action, up to & including termination. </li></ul><ul><li>Maintain comprehensive records of your policy, training & technology program. You may need to prove your commitment to best practices one day. </li></ul><ul><li>Do not allow employees to dismiss AUP/electronic risk management program as insignificant or unenforceable. </li></ul>
    30. 30. Symantec Hosted Services & Acceptable Usage Policies
    31. 31. We help solve the Top Challenges of Messaging Security EMAIL-BORNE THREATS CONTINUE TO EVOLVE Symantec State of Spam Report and MessageLabs Intelligence COMPLIANCE WITH USAGE POLICIES Inappropriate Content Confidential Content SENSITIVE DATA IS LEAVING THE ENTERPRISE <ul><li>1:400 emails contain confidential information </li></ul><ul><li>59% of ex-employees admit to stealing confidential company information </li></ul><ul><li>88% of all cases are due to insider negligence </li></ul>Ponemon Institute, 2009 COST AND COMPLEXITY <ul><li>Keeping systems current </li></ul><ul><li>Responding to end user requests </li></ul><ul><li>Generating management reports </li></ul><ul><li>Managing policies across systems </li></ul>
    32. 32. Control Challenges * Ponemon Institute, 2009 Sensitive Data is Leaving the Enterprise <ul><li>Over 88% of all data loss cases are due to insider negligence* </li></ul>Blocking Inappropriate Images and Content <ul><li>Organizations must protect employees from offensive, unwanted images and content </li></ul>Ensuring Compliance with Usage Policies <ul><li>Organizations must protect themselves from legal exposure and regulatory fines </li></ul>Managing Cost, Efficiency and Accuracy <ul><li>Managing filter accuracy while ensuring that legitimate emails are not blocked </li></ul>
    33. 33. Risk of Data Loss <ul><li>Data Loss Can Result In: </li></ul><ul><li>Regulatory fines </li></ul><ul><li>Litigation </li></ul><ul><li>Lost business </li></ul>Confidential Ponemon Institute, 2009 IIDC nformation Protection and Control Survey: Data Loss Prevention and Encryption Trends 2008 emails contains confidential information of data loss occurs through email of all data loss cases are due to insider negligence 1:400 56% 88%
    34. 34. How our service works… MessageLabs Email Content Control <ul><li>Key Features: </li></ul><ul><li>Highly flexible, intuitive rule-building processes </li></ul><ul><li>Scans email header, subject and body, as well as supported PDF, MS Office and compressed file attachments </li></ul><ul><li>Configurable notifications for each rule and action type </li></ul><ul><li>Word list thresholds determine how often keywords or phrases must occur before a rule is triggered </li></ul><ul><li>Extended character list recognition for non-Western keywords or phrases </li></ul>
    35. 35. How our service works… MessageLabs Email Image Control <ul><li>Key Features: </li></ul><ul><li>Configurable, highly accurate image scanning engine </li></ul><ul><li>Scanning within supported Microsoft® Office and PDF documents attached to or embedded in emails </li></ul><ul><li>Customizable lists of approved senders and recipients </li></ul><ul><li>Customizable local databases of image signatures </li></ul><ul><li>Optional global image signature database submitted by the MessageLabs client community </li></ul>
    36. 36. Business Benefits of our Services Email Image Control and Content Control <ul><li>Increase User and IT Productivity </li></ul><ul><li>No Software or Hardware to Manage </li></ul><ul><li>Easy to Configure </li></ul><ul><li>Enforce Acceptable Use Policies </li></ul><ul><li>Filter Inbound and Outbound Emails and Attachments </li></ul><ul><li>Aggressive Service Level Agreement </li></ul><ul><li>Data Loss </li></ul><ul><li>Sexual Harassment </li></ul><ul><li>Regulatory Penalties </li></ul><ul><li>Reputation and Business Loss </li></ul>Reduce Risk Increase Confidence Lower Costs
    37. 37. Cloud computing vs. SaaS Where do we fit in?
    38. 38. General Benefits of SaaS Lower Total Cost of Ownership (TCO)  Simplified Management  Shorter Deployment Time Seamless Integration  No hardware. No software. Little maintenance  Ease Internal IT Pains 
    39. 39. Symantec does it better Highest SLA Performance backed by Cash-Back Remediation  Best SaaS Support: 24x7X365 95% satisfaction+  Global, redundant infrastructure 14 data centers  Converged Threat Analysis Powered by Skeptic TM  Market Leader 
    40. 40. Next Steps <ul><li>Begin a free trial of MessageLabs Email Security services </li></ul><ul><li>See a demo </li></ul><ul><li>Request a quote </li></ul><ul><li>Visit www.messagelabs.com for additional information </li></ul>
    41. 42. The ePolicy Institute™ www.epolicyinstitute.com [email_address] <ul><li>Contact us </li></ul><ul><ul><li>Seminars & Webinars </li></ul></ul><ul><ul><li>Policy Consulting & Development </li></ul></ul><ul><ul><li>Litigation Consulting & Expert Witness Services </li></ul></ul><ul><ul><li>ePolicy Forms Kits, Books, White Papers & Other Content </li></ul></ul><ul><ul><li>Surveys with American Management Assoc & Other Partners. </li></ul></ul>Thank You Sponsors! <ul><li>Technical Demo & Overview: </li></ul><ul><ul><li>Email Anti-Spam & Anti-Virus </li></ul></ul><ul><ul><li>Email Content & Image Control </li></ul></ul><ul><ul><li>Email Archiving </li></ul></ul><ul><ul><li>Email Continuity </li></ul></ul><ul><ul><li>Email Encryption </li></ul></ul><ul><ul><li>Web Anti-Virus & Anti-spyware </li></ul></ul><ul><ul><li>Web URL Filtering </li></ul></ul>Symantec Hosted Services www.messagelabs.com (866) 460-0000

    ×