The Sarbanes Oxley Act of 2002 (S-Ox) and the Risks of Non-Compliance Because of Spam.
The Sarbanes Oxley Act was created to combat the rise of corporate fraud in the early part of the 21st century. In a nutshell, the act stipulates retention periods for electronic data (seven years), and mandates that companies must create, publish, and enforce detailed policies governing classification of, access to, and control over electronic data, which includes email messages.
S-Ox does not mention spam, spyware, or any other malware specifically, but it does address compliance issues that can arise because of these things. The intent behind the act is to ensure that companies retain data that may be important in resolving legal issues. Corporate policies must ensure that the data isn't lost or deleted; that security is in place to restrict data access to the parties that legitimately need it; and that the data can be searched and retrieved in meaningful ways when information is needed for an investigation. Spam can impact all of these priorities.
Retention Costs
Without ample spam filters in place, the storage costs of spam alone would be significant for mid-size or larger companies trying to keep every email for seven years, given that up to 90% of all emails coming from the internet are currently junk (Spamhaus).
Security
According to the FBI, 74% of documented cases of Internet and web-based crime used unsolicited email as the primary means to contact the victimized companies and individuals. Spam is the number one means of transmitting malicious viruses, worms, and trojans designed to steal confidential information. Failure to provide adequate protection against these threats, or at least make an earnest and informed effort to do so, would qualify as S-Ox non-compliance.
Access
Archives that are polluted with spam are more difficult to index by keyword, and more costly to search for relevant records in the event of an investigation.
Compliance with S-Ox and related regulations must be a serious concern to corporate policy-makers and IT departments. Penalties for non-compliance range from the loss of exchange listing to multimillion-dollar fines and imprisonment. Dealing effectively with spam should be a key piece of an overall compliance strategy.
Are you in a small or medium business drowning in spam? Are you using an anti spam product that does not eliminate 99.8% of the spam and/or removes legitimate messages that may cost thousands in lost opportunities?
The MX Police spam filter can allow you to deal with your business, not with your spam!
Posts
0 comments:
Post a Comment