According to a new survey by Forrester Research, 41% of large companies (those having at least 20,000 employees) either read or analyze the contents of outbound e-mail.  They’re either paying other employees to read them or presumably using any number of commercially available software programs to analyze them. 

44% of the companies surveyed investigated a confidential data breach involving e-mail in the past year, while 26% said they fired an employee for violating the company’s e-mail policy.  Companies also expressed concern over employees leaking information on message boards, blogs, and other electronic media.

Quite frankly, I’m surprised only 41% of large companies are doing this (although it depends on the industry).  I would have expected it to have been much higher given the daily parade of data and privacy breaches in the news.  After all, it’s large companies that have the financial and human resources to implement widescale e-mail monitoring systems.  Smaller companies may be in a much different situation.

Of course, many employers find it distasteful to engage in this type of monitoring.  It can, if not handled properly, be destructive to employee morale and have lasting effects.  Nevertheless—for better or worse—many employees are slowly coming to grips with their employers’ monitoring efforts.  It’s just becoming a fact of life. 

But the truth is, I’ve had clients whose employees have e-mailed confidential and sensitive company data.  Some workers do it without thinking about it, while others are far more malevolent in their intentions.  This is especially the case when employees leave their companies on bad or poor terms.  So it’s a very real problem for employers that has very real consequences.  Thus, like it or not, monitoring will only continue to increase. 

Bottom Line:  Be careful.  You don’t have any right to privacy when you’re at work.  So don’t think that anything you send—whether to a spouse, boyfriend, girlfriend, doctor, stockbroker, or anyone else—is private.  Even if you have to send it and it can’t wait until you get home, an employer is within its rights to read your e-mail, no matter how private the subject matter.  Of course, what it does with that information is another matter.

In today’s world, where fraud is just a mouse click away, it’s nice to know that every so often the good guys win.  Three international hackers were indicted by the Department of Justice (”DOJ”) last week for trying to steal and sell credit card information from customers of Dave & Buster’s, the popular restaurant/entertainment chain.

According to the indictment, the hackers were able to install “packet sniffers” on many of the company’s servers to copy credit card information as it traveled between restaurants and Dave & Buster’s corporate headquarters in Dallas.  The company detected the intrusion and alerted the authorities, but not before 5,000 credit/debit card numbers were stolen and sold to other criminals to make fraudulent purchases.

One of the foreign hackers was arrested in Miami.  No problem there.  The other two, however, were arrested in the Ukraine and in Germany by those countries’ authorities.  It’s certainly not a done deal yet.  The DOJ is seeking the extradition of the other two, but no word yet whether those efforts will be successful. 

While these sorts of arrests are still few and far between given the magnitude of data theft and online fraud, it’s a start.  The DOJ is obviously taking the problem seriously.  Hopefully, other countries will too and the cooperation will continue.  With any luck, if these hackers are extradited, tried, and found guilty, the court will make an example out of them. 

It’s always refreshing to see companies take affirmative steps to try and protect users from malicious programs that can be inadvertently downloaded onto their computers.  Yahoo and McAfee are joining forces to unveil a new security feature designed to warn Yahoo users about potentially dangerous links to software such as adware, spyware, keystroke loggers, and other malicious programs.  Yahoo users will see a red exclamation point and a warning next to any links that McAfee has identified as containing harmful software.

It’s a good start and is one more weapon in the fight against increasingly sophisticated hi-tech criminals.  However, it’s only a matter of time before this new service becomes the target of lawsuits by companies who are identified as “false positives.”  That is, legitimate companies whose links are mistakenly identified as being malicious.

Remember the “real-time blackhole list (“RBL”)?”  This was a Mail Abuse Prevention Service (MAPS) which published lists of ISP addresses which were known to be associated with spammers.  A network could then filter out any questionable e-mail traffic and it would disappear in a metaphorical “black hole” and never reach its destination.

This prompted lawsuits from companies (who called themselves “e-mail marketers”) against RBL providers who claimed that they were being defamed by being erroneously or improperly included on these lists.   (They also included “false light” and restraint-of-trade claims.)  While most suits were dismissed or unsuccessful, they were designed to target and harass RBL providers who devised an otherwise sensible solution to an evergrowing spam problem.

It’s only a matter of time before some disgruntled company sues Yahoo and/or McAfee for being falsely identified to users as a provider of malicious software.  (Due to the Yahoo Terms of Service agreement, users will be unable to successfully sue if some malicious links or sites slip through.)   Still though, despite the threat of lawsuits, Yahoo and McAfee should be commended for trying to develop a solution—however temporary or imperfect—to this problem.  Of course, if any of my clients end up being falsely identified as providers of malicious software, then those companies will hear from me.  Until then, the battle continues.