Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

To Snoop or Not to Snoop?

  • 15 September, 2004 14:43

<p>To snoop or not to snoop: that is the question:</p>
<p>Whether 'tis nobler in your job to suffer</p>
<p>The slings and arrows of outrageous oversight</p>
<p>Or to take arms as noted by your union,</p>
<p>And by opposing end them?</p>
<p>(Apologies to W. Shakespeare, Esq.)</p>
<p>A Sophos poll of more than 1,000 computer users at small- to medium-sized businesses (SMBs) has revealed that over 50 percent of employees felt that their employers should take preventative action to help ensure that spam containing violent, pornographic and other offensive content does not find its way to their inboxes. Furthermore, only 13 percent of people thought that this should not be the employer's responsibility.</p>
<p>These results, whilst hardly surprising, come at a time when unions and privacy advocates in Australia are calling for clearer and more restrictive guidelines concerning email surveillance by employers.</p>
<p>"Employers are on the horns of a dilemma here," said Paul Ducklin, Sophos’s Head of Technology, Asia Pacific. "There is a certain moral repugnance in the idea of employers reading all their employees' email, even in those legal jurisdictions which offer no expectation of privacy when employees use company equipment to communicate. But there is a certain social irresponsibility in the idea of employers not filtering their employees' mail to prevent the flow of spam, phishing and viruses in and out of the company."</p>
<p>As Ducklin explains, effective corporate anti-virus and anti-spam filtration requires that all email – inwards, outwards and internal – be examined in considerable detail, though by a computer rather than a human. This includes character-by-character, word-by-word and attachment-by-attachment analysis, and results in an often very detailed characterisation of each email's content.</p>
<p>Most unwanted email can be identified automatically in this way, but suspicious emails (such as those containing unknown programs or documents, which can carry viruses, backdoors and keyloggers) may be quarantined for later review. Often this review is done by a human – typically an IT staffer with the technical know-how to assess the safety or suitability of the quarantined item.</p>
<p>Ducklin offers some suggestions for "responsible surveillance" so that employers can balance privacy and security to help ensure an email environment which is neither dangerous nor repressive:</p>
<p>* Make sure that employees are aware of what filtering you are doing and what benefits this has for each individual. For example, by blocking viruses and Trojans, you reduce the risk of damage to business operations and of the loss of confidential data.</p>
<p>* Make sure that you manage your employees' expectations of the filtering you are doing. No computerised filtration process can achieve perfect results (Alan Turing proved this back in the 1930s). For example, by filtering spam, offensive email such as pornography and hate mail will be drastically reduced, but you cannot guarantee to eliminate it.</p>
<p>* Make sure that your company has a code of conduct for IT staff who will administer the email filtering computers. Administrators of these computers will typically have access to logs and quarantined emails, which they must treat with the respect they deserve.</p>
<p>* Consider using a quarantine system which allows employees to review their own messages. For example, Sophos PureMessage includes a feature to send users a regular summary of messages intercepted on their behalf. They can then choose whether to release them automatically or to request further analysis. Emails not requested are automatically removed from the system after a short time.</p>
<p>* Take the advice of Bill Cheswick and Steve Bellovin, long-standing internet security experts and authors of "Firewalls and Internet Security": when implementing computer security measures, always try to adhere to moral standards higher than those strictly required by law.</p>
<p>Sophos has free guidelines for the effective management of viruses and spam in corporate email:</p>
<p>Sophos's email filtering solutions, PureMessage and MailMonitor, are available for free evaluation:</p>
<p>About Sophos.
Sophos is a world-leading computer security specialist, developing anti-virus and anti-spam software. Sophos is headquartered in the UK and protects more than 25 million users across all types of organisations, including small- to medium-sized businesses, large corporations, banks, governments and educational institutions, against viruses and spam. The company is acclaimed for delivering the highest level of customer satisfaction and protection in the industry. Sophos's products, backed by 24-hour support, are sold and supported in more than 150 countries.</p>
<p>Sophos's regional head office for Australia and New Zealand is in Sydney and hosts one of the company's three Computer Virus Research and Development Laboratories to provide global support services.</p>
<p>Paul Ducklin is available for comment:
+61 2 9409 9100 (tel)
+61 407 320 515 (mob)
+61 2 9409 9191 (fax)</p>
<p>Sophos's press contact at Gotley Nix Evans is:
Michael Henderson
+61 2 9957 5555 (tel)
+61 413 054 738 (mobile)</p>
