US Firms Read Employee E-mail On a Massive Scale 263
An anonymous reader writes "In its fifth annual study of outbound e-mail and data loss prevention issues, Proofpoint found that 41% of the largest companies surveyed (those with 20,000 or more employees) reported that they employ staff to read or otherwise analyze the contents of outbound e-mail. 22% of these companies said they employ staff primarily or exclusively for this purpose."
It's a waste of money. (Score:2, Interesting)
All this does is prove that you can't trust people who work at big dumb companies. They can't tell you what they really think by email, so you have to assume they are lying to you. It's amazing that 41% of these companies admitted to the practice after the whole HP scandal.
Re:Is this surprising? (Score:5, Interesting)
I was shocked at what I saw. People shopping around their resume, looking for new jobs. People emailing people who they were involved with in an extra-marital affair. And lots of the other junk you mention. And this was primarily involving execs.
Re:Is this surprising? (Score:2, Interesting)
Guilty as charged.
On the whole good advice. In my experience most large companies use data loss prevention (DLP) products chiefly to monitor for personally identifiable information (PII) such as SSNs, credit card numbers, drivers license number, bank account numbers, etc. If your email doesn't contain a recognizable piece of PII, it generally does not get logged. DLP products certainly can be used to monitor "Acceptable Use" violations, but most companies I've seen would rather stick their heads in the sand than have to deal with every employee that writes a dirty email to his wife.
Re:It's not work monitor emails that bugs me. (Score:5, Interesting)
One of their duties is guarding the ESA launch site in French Guiana, so some Slashdotters might be into that. Plus, working out and is a lot like "leveling up," as our friends at XKCD remind us. Just think of it as a real-life RPG.
If people watch the e-mails... (Score:3, Interesting)
Re:don't use work email for anything personal (Score:2, Interesting)
I've got news for you - ALL of these products that are worth the price they charge also have the option to monitor your web browsing.
Think you're safe using webmail at work? Not necessarily. Many webmail services only encrypt the login information, not your actual email. And since it is web based, these products can pick up your personal email if you send them over your corporate connection. Heck, even if your choosen webmail service does use SSL for all of your traffic, some of the more advanced products can make use of man-in-the-middle proxies that can and will actually intercept your SSL certificates and replace them with their own. Granted if this DOES happen, you or your browser should at least be able to recognize what is going on.
Your best bet (unless you are friendly with the guy who reads your email) is to tunnel your traffic through a home based SSH server, and even that isn't perfect.
Don't like this? I have a solution. (Score:4, Interesting)
1) Work for companies with over worked and under-budged IT departments who fight fires daily and have no long term plans - These companies are highly likely not to have any time to be reading your emails. Hell, you'd be lucky if the mail server stays up all week.
2) Write emails in foreign languages. In North America this works well, where so many people only speak English. Alternatively, teach your loved ones to use encryption in emails.
3) Use a fax machine. I know, waste of paper, but most companies don't have technology implemented to sniff/wiretap fax transmissions.
4) RDP to your home PC and write an email from there to your loved ones.
5) Make calls from conference rooms instead of your desk. This won't work if you call people daily, but its good if you need to make personal calls once a week or so. At the very least, it won't show up on your phone's call log, or the PBX's log about your phone.
6)If none of these are an option, you are working for a company that doesn't respect your privacy. Stand up for yourself, and go find another job.
Re:Get back to work! (Score:5, Interesting)
Images were displayed of what people were surfing. I also attached the ip address of the user to the image.
It stopped inappropriate internet surfing in that office in 3 days.
When everyone can wee what you are doing, you get back to real work.
Boy, are US companies taking big risks! (Score:4, Interesting)
Talk about a confusing issue. You require outright consent from employees AND the party your emailing. Period. No exceptions. Simply stating 'we monitor all emails' will not hold up in court - should it ever come to it - you need permission from that individual employee - or all employees and have a readily available record of their consent.
If what I'm reading is correct, its far easier to leave your emails alone, and then search if you have an issue with court permission, than it is to be actively reading emails.
Re:Secure your email (Score:4, Interesting)
Have you considered, perhaps you're being a tad hysterical here?
I work at one of those "ultra-anal" defense contractors... a biggun... and know our IT processes quite well, including the realities.
They don't "frog march" people out the door for those sorts of things. Actually, the IT security guys are lucky if they can get engineering to pay attention to them at all.
Except in SCIFs, then it's a different matter.
C//
Re:don't use work email for anything personal (Score:5, Interesting)
No outgoing e-mail (Score:2, Interesting)
Interestingly he's been blocked from sending e-mails now but can still receive them!
Re:Get back to work! (Score:1, Interesting)
he probably wouldn't have liked it
Google loves HTTPS (Score:3, Interesting)
Also keep in mind that Google offers several services that operate on HTTPS: Google Reader [google.com] (great for bypassing those stupid web-filters that block political sites at repressive companies), Google Calendar [google.com] (so you can schedule your interviews without alerting your company), and Google Docs [google.com] (so you can work on your resume in private).
Google is also a godsend for consultants at client sites who are working with sensitive materials they don't want their clients to see (and don't want to use VPN).