Remember the Good Old Days?

Gone are the days when executives used to scribble out on a piece of paper the draft of a correspondence, unmindful of the errors it
contained and pass it on to the person capable to correct the piece which otherwise could have drawn the funeral of the
grammarian. After a minor edit at one or two places, that piece of communication could be finalized and the same was sent out of
the organisation within a few days.

And E-mail Today!

Look at correspondence today. You are out in the field with your laptop computer and can send a fax, check e-mail, schedule
appointments and work on documents. E-mail is an important part of your professional and personal life. As with any new
technology, new rules and conventions must be followed. Here are some basic and not-so-basic points to help make e-mail
messages more appealing and acceptable.

Before You Send the Message

First, determine if e-mail is the appropriate medium for the message. Remember, in an e-mail message the recipient only receives
the words. A large percentage of the intent can be lost due to the absence of body language and tone of voice. As a result, e-mail
messages frequently can cause misunderstandings between the sender and recipient. If dealing with a sensitive issue, an e-mail
message may not be the best means of communication. Treat e-mail messages as seriously as any correspondence otherwise sent
using snail mail. Recognize that while an e-mail message is privately delivered, the recipient can print the message or forward it to
others without your knowledge. If a message is forwarded to an unintended party, the contents of the message could come back to
haunt you. Check for messages often. One of the advantages of e-mail is how quickly people can be contacted. Failing to check email daily nullifies this advantage. Be sure your system's date and time are accurate. The date and time of a message can be
important to determine which information is most recent. Many times recipients and senders fail to print needed copies of messages.
Having copies of messages can often save time and effort. However, delete promptly unwanted messages. To save resources and
promote privacy, consider moving old messages from your mailbox to a floppy diskette.
It is quite possible to spoof (fake) an e-mail message. In other words, you may receive a message from someone that has been sent
by someone else. If you suspect that you have received a spoofed mail message, contact a university computer center in your
locale immediately. Sending an e-mail to appear to be from someone else is a violation of the Computer Use and Abuse Policy and
violators can be prosecuted.

E-mail and Employees

Employers, today, consider it imperative to extend the data communication facility to all employees whose productivity is expected
to improve in the future. E-mail is one such data communication facility. More and more employers are utilizing computers,
networks, e-mail and similar resources to communicate and to conduct business operations. Many employers willingly tolerate
employees tinkering or playing with such systems, since time spent by an employee learning about hardware or software may be
ultimately productive for the employer since the employee can achieve greater efficiency in use of the systems. This is the positive
side of the story. But, employees who are allowed to use company resources in such a loosely supervised fashion can stray out of
bounds. Most employers are expected to assess and decide certain basic, but clear guidelines pertaining to the use of e-mail and
other computing resources owned by the organisation.
Employers should also consider adopting conduct standards for employees using company resources. There have been, for
example, lawsuits recently arising out of employees abusing e-mail systems and posting messages to harass or insult other
employees. Employers face the prospect of legal responsibility for such communications that create a "hostile environment" for
employees unless preventive steps are taken to avoid such harassment in the workplace. At a minimum, management may wish to
consider a policy barring threatening, abusive or inappropriate language over company channels of communication.
The issue of employee privacy should not be overlooked when developing a basic policy on computers and all company resources
and facilities. Employees are sometimes allowed to use company computers for lunch-time correspondence or personal recreation.
A written policy should advise employees that any files of a personal nature should be maintained by the employee only on a
personal diskette, and not stored on a company hard drive or other storage medium. Employers need to be able to access, audit
and even seize or remove storage media used in business operations. If an employee's personal files or correspondence are
maintained on such a medium, the employee may complain of an invasion of privacy. By warning the employee up front that
personal material should simply not be maintained on company facilities, the possibility of a privacy claim can be avoided.
Finally, companies should carefully examine whether all of the software used on company computers, whether by managers or
other employees, is properly licensed. Unauthorized duplication of software is a common phenomenon in many offices, and is

commonly ignored by managers, employees and software vendors. However, software publishers and their trade associations have
become more aggressive in pursuing cases of unauthorized software use. A careless practice, which has been ignored by a
company for years, can suddenly become a major problem if a disgruntled ex-employee chooses to report the company's
unauthorized use of computer software. Prudent management would consider auditing a company's current systems, and both
develop and enforce a clear policy forbidding the use of unlicensed or unauthorized computer software.

Employers, Employees and E-mail: The Issues

Employers are to address the following issues in their organisations to control the use and abuse of the e-mail facility in the written
policy statement:

To what extent can an employer monitor employee electronic communications?

How should an employer deal with: Access to, downloading and redistribution of pornography throughout the corporate
networks. Use of unauthorized encryption technology. Online harassment. Improper use of company computing
resources.
Who owns work produced with company computing resources that has not been unauthorised?
What is the company exposure for copyright infringement done by an employee without the company's knowledge?
Is the company at any greater risk for data and system security and disclosure of company trade secrets due to access to
the Internet and expanding worldwide communications capabilities?
Should the company permit company credit card purchases over the Internet?

Proactive Audit of E-mail

Computer security, privacy and fraud are critical issues as corporate networks and employees link into the Internet. With improved
remote access, corporate data are increasingly vulnerable. Employees need to be educated on how to handle sensitive information
in the office, from home and in the field. During the Persian Gulf War, a British general jeopardized the entire operation by leaving
his laptop computer in his car, from which it was stolen. We will never know for sure the aim of the thieves, but we do know that one
career was destroyed.
Trade secret protection is becoming more difficult as foreign governments take on post-cold war assignments. Old formerly friendly
spy networks are now being used for industrial espionage. There is increased concern over how personally identifiable data are
collected, used and shared in both the government and private sectors.
Global networks raise privacy and security issues. Most organizations have international offices and their customers, business
partners and employees communicate with them 24 hours a day.
Protecting "hard copies" of corporate information in locked file cabinets and locked offices is no longer sufficiently security when
most of the original data is online and accessible from at least one computer system. Access to the Internet and on-line networks
exponentially increase the identified risks. The trend is toward complex, integrated systems, EDI and automated order processing.
Again, data security is a big issue. We need to prevent unauthorized access to confidential information and provide for adequate
backup. With distributed processing and local departmental file management, audits of departmental and organizational backup
practices are essential for the smooth running of a business and for efficient record keeping purposes.
A policy of destroying unnecessary paper as well as electronic files is critical. Recent court cases in the United States have found
"smoking guns" in old e-mail and early drafts of corporate documents. The provisions of an early draft may not be binding but can
sometimes be used to establish a party's intent or state of mind when entering into a transaction. For these reasons, regular
computer system audits are essential. However, care needs to be taken to conduct audits within reasonable guidelines and to use
the resulting information appropriately to avoid seriously damaging employee moral. Employers should address auditing openly and
clearly so that employees' expectation of privacy fit within the existing corporate guidelines.
Employment issues take on a new dimension and magnitude when communications are opened onto the Internet. Internal e-mail
systems tend to be less regulated and some might assume, less risky. In essence, for the employer, the old questions of whether
the employer is permitted to open a letter addressed to an employee at the place of business or open the top desk drawer or read
department e-mail remains. Now the repercussions can be much greater when employers monitor e-mail, or employees hack into
online company records and then disseminate them worldwide. Worse, they may permanently alter records that can have a
devastating impact on those individuals.

How to Monitor E-mails?

Employers are to monitor e-mails in an explicit manner and make it clear to the employees about the expected level of privacy in
using the e-mail facility of the company. Company management is to take following actions to monitor the resources:

Develop or extend corporate policies to address employee privacy expectations.

Determine the extent of any current monitoring and limit monitoring to "work related" and supervisory activities. State
extent of monitoring in policy.
Educate and periodically remind employees about the management of policy.
Post a notice when employees log onto the computer network and require an affirmative acknowledgement by having the
employee indicate that he/she has read the screen before moving on. The notice should state clearly that the system and
e-mail are not private and will be audited according to the parameters of employee use. It should also state online
etiquette for using the network and company resources. For example:
"All systems and electronic communications are to be used for business purposes only and in accordance with company
policies and procedures. All systems are subject to periodic company audit for business and security purposes. Please
keep these guidelines in mind when using company networks and the Internet."
Address backup and retention of stored mail.
Set forth how any accessed information will be used.

Employees should clearly understand when and what is being monitored and what will be done with the resulting information and
should also be aware that systems may be audited without prior notice to employees. Employees should understand that use of
company e-mail, computers and voice mail systems is limited to business purposes unless otherwise stated.

E-mails are Risky to Data Security

Evidence shows that significant international hacking is increasing. USA allied governments have admitted to industrial spying to
assist their citizens in technology development. It is said foreign governments hire professional hackers who regularly attempt
infiltration of corporations and government agencies. The FBI reported more than 5,000 corporate network "intrusions" in the first
four months of 1995, when Internet usage started to surge. This represents 1 percent of the real total as the veil of secrecy remains
in place. Corporate file theft and intrusions by online profiteers represent billions of dollars in business. That's just skimming the
surface. The former head of the FBI, William Sessions, raised the issue about whether the US government should assist US
companies by either letting them know when their network security has been breached or by disseminating information that the
government had discovered. There is also increased concern over how personally identifiable data are collected, used and shared
in both the government and private sectors.
Opening company computer networks for remote access and Internet connections also greatly increases the risks of maintaining
company trade secrets and makes the company vulnerable to computer virus attacks which can destroy and alter data. Repairing
the systems can require substantial resources and involve major system downtime. Policies for handling and accessing company
confidential information and trade secrets should be developed and made available to all employees. Safeguards for online
purchasing with company credit cards should also be addressed. This is an instance where encryption technology can be effective.
Digitally signing a message can verify a sender. Network security, both local area and outside to the Internet, must be addressed
because the threats are real and the loss of business assets is at risk.
The infamous case of Borland International vs. Symantec Corp. makes the abuse of e-mail by an employee in sending the secret
and critical information crystal clear. Auditing e-mails is not a simple issue as it is directly connected to the privacy of the employee
concerned. The United States has different laws in various of its states to deal with the privacy and the audit of e-mails. However,
having an explicit policy dealing with the use of all resources including e-mails so that employees are clear about the consequences
for using the facility against its pre-defined purpose is essential.