South African companies are not only required to monitor and control the type of information flowing in and out of their networks everyday, but they are also obligated / compelled to institute measures to organise and archive e-mails and other internet transactions so that they can be accessed and retrieved on demand.
This is according to Dries Morris, director at specialist IT security management and consulting company, Securicom, who says companies need to take the management of their electronic communication seriously.
“Companies nowadays can be liable for inappropriate and offensive content circulated by employees; and could face penalties if they fail to control the type of information entering and exiting their networks via e-mail. Companies can also find themselves in contravention of certain regulatory compliance requirements if they don’t put measures in place to secure and manage the flow of confidential business and client information.
“Furthermore, since the introduction of the South African Electronic Communications and Transactions (ECT) Act, in terms of which, all e-mails and other electronic transactions are considered to be legally-binding documents, companies must also have a structured e-mail archive strategy in place to manage and store e-mail correspondence and other electronic transactions.
“Non-compliance with the strict regulations imposed by the ECT Act puts a company at risk of prosecution should they ever have to furnish electronic correspondence in a court of law. There are also certain sections of the Act which impose imprisonment.
“In addition, there has been a huge drive by overseas firms, especially in the USA, to adopt and adhere to certain governance frameworks such as Sarbanes Oxley, ITIL and CoBit. This means that it is becoming increasingly necessary for local companies to ensure that they comply with these frameworks if they want to do business with international organisations,” says Morris.
In short, Morris says companies must know exactly what is happening on their networks at all times and more importantly they need to control what is allowed to enter and exit their networks.
The quickest and easiest way to begin managing the content that enters and leaves the network is to implement a proven content management system. Because e-mail is one of the most common means of communicating and sharing information within and between organisations, managing e-mail correspondence is a good place to start.
Once the content is being managed and the organisation has protected itself by ensuring that only valid e-mail enters and leaves the network, the next step is to begin archiving e-mail messages so that they can be retrieved and presented should the need arise in the future.
There is a wide range of tools available on the market and Morris admits that some are better than others in assisting companies in enforcing compliance.
“Clearly, the vast maze of legislation and plethora of apparent remedies that now exist can confuse businesses that don’t have adequately-skilled and experienced resources to help them negotiate their course or assist in selecting and implementing the most appropriate solutions.
“That’s why it is recommended that companies partner with a specialist IT security management company which has the expertise and infrastructure in place to ensure a smooth transition and the ongoing security of the data,” says Morris.
According to Morris, Securicom offers a comprehensive Internet Managed Scanning and Mail Content Filtering (IMCF) service – an all-in-one solution that combines best-of-breed anti-spam, anti-virus and content security products.