Many companies which deal with financial transactions or personal information of clients, have very strict security policies. This includes strict physical security as well as Infrastructure and IT security. No matter how much of physical security you have (like biometric door locks or CCTV systems) if your IT security is weak, then your security is meaningless. In today’s age of cut throat competition, it is very important to ensure confidentiality and data integrity. This article deals with how many companies and businesses are monitoring corporate email sent and received by employees.
Most businesses which monitor employee communication are either very large corporations looking at protecting their trade secrets and business intelligence or they are third party processing or outsourcing firms handling sensitive customer information on behalf of the companies hiring them. In both cases, to prevent any leakage of information or any employee giving away details of new launches or new products to their competitors, employers setup surveillance measures on all their communications, especially on email, which is now a widely used form of correspondence for business. By doing this, they can track any suspicious correspondence or information which an employee may have sent or received, thereby indicating that the employee is sharing some confidential or important inside information with outsiders or with people who should not have access to it. This includes giving out of information to people within the organization who should not be having the privilege of accessing that data.
Simply put, employers can track emails through their email service or email servers, which are the focal point when sending or receiving the emails. This means that by placing certain filters and triggers on the email server, the bosses can track the email correspondence that employees are having with various persons. The emails that are sent out by the employees go through the email server, which then reads the messages and passes them through certain checks. If they pass or fail those checks, then certain pre defined actions can be performed on them and then they can be either blocked, or copied to the boss or sent through without any intervention. For example, if an employee is sending mail within their domain or to another department internally, the mail is not dealt with by the monitoring system. If it is sent to any external third party, then the mail is immediately filtered and checked for certain keywords or phrases. If the mail matches a certain pattern, a copy of the mail along with an alert can be sent to the boss or the IT staff.
Normally, when a mail is secretly copied to a boss or staff member monitoring the employees, there is a huge amount of data to monitor. Instead now filters can be setup to separate and monitor mail based on certain criteria or keywords. For example, if a mail is sent from a mobile phone, it should immediately be copied to the boss. If the mail is sent from a desktop at the company location, it can be sent without filtering. Similarly, if the mail contains a number or money like $1,200,000 then a copy should be marked to the monitoring team. This helps to select the most important type of mail and allows focused tracking for the admin.
While it may not be legal in all countries to read the mail and communication meant for someone else, there is also a great need for companies handling sensitive personal information or defence information to track their employees. Most companies make their employees sign a waiver of their privacy before they are employed. Many companies also warn their employees about possible surveillance or when a mail has been specifically flagged or filtered or marked to their boss.