The ordinary, ubiquitous e-mail messageone of millions sent every dayturns out to be camouflaging a major business risk. In fact, one risk manager thinks the problem has been building for so long that the cure may be a harder sell than the cost of dealing with the problem.
John Kerr is manager of accounting and administration for the Canadian Universities Reciprocal Insurance Exchange as well as being a member of the technology committee of the Risk and Insurance Management Society (RIMS). Kerr said the avalanche of e-mail messages being sent and received by businesses across the globe is creating far too many opportunities for unauthorized visitors to gain access to those messages. Once they get hold of them, those visitors can either share the messages or broadcast them to a larger audience.
I think one of the biggest challenges we face is that most people treat their e-mail correspondence far too casually, Kerr said. They dont give it the record keeping that it deserves.
As many companies cry for a more-paperless business, the use of e-mail has grown to massive proportions. The flow is only going to get bigger, tooits cheap, its easy, and its easy to save, copy, and forward. Research group IDC reported that it expects e-mail traffic to increase to 25 billion messages by 2005, triple the volume of today. Obviously, some of those 25 billion messages will be offering low mortgage rates, vitamin supplements, and other less-savory promotions. Those quickly get sent to the trash bin but so do a lot of important e- messages.
The problem with e-mail, Kerr said, is that its ease of use makes people treat it less like the corporate message it is. If we send out any mail through the postal service, we almost always make a photocopy of it and the copy ends up in a file somewhere, he said. Even if its something as minor as confirming a meeting. Somehow, e-mail has evaded most corporate retention guidelines.
Senders rarely save the messages they e-mail, and sometimes these messages carry important business informationinformation customers will consider to be the senders corporate stance on a subject.
Imagine a customer having an e-mail conversation with someone from XYZ Insurance about rental reimbursement in an auto policy. At one point the carriers employee writes, Oh, dont use PDQ Rent-a-Car. Hertz will give you a better deal. With that off-hand note, Dont use PDQ Rent-a-Car becomes the carriers official policy, like it or not.
Thats where the power of e-mail can turn around and bite you: Telling a customer Oh, dont use PDQ in a phone call probably wont go much further than a single person. But an e-mail message is more likely to be forwarded, cut-and-pasted, and otherwise disseminated.
And if the sender doesnt keep a copy (a likely scenario, with an off-hand comment), if that message is ever quoted or posted out of context, its hard to prove it isnt the real deal.
Savings Plan
In todays litigious society (and how many articles have you see use that phrase?), the need for saving copies is essential. Yet a click on the Delete button dooms the company to a lack of records.
If you sent something to a customer by fax or postal mail, would the length of time you retain that document be longer than what it is with e-mail? asked Kerr. My guess is it would. People just dont keep electronic data as long as they keep paper.
He believes that business-related e-mail items should not be deleted until the item has been saved on paper or stored somewhere else. One option, full of associated headaches, is for a company to dump all its e-mail into a database. Unfortunately, access to the database could cause problems. Confidentiality would be thrown out the window, Kerr said.
Kerr also pointed out how easy it is for outsiders to view your e-mail. Unlike paper records, an unscrupulous person doesnt need physical access to your filing cabinets to get to e-mail. Yes, yes, everyone has firewalls. But how many news stories have you read about computer break-ins at secure sites?
RIMSs technology committee hasnt yet addressed this issue, but it could come before it soon. The committee is working on other technology issues that affect the membership, such as data standards and product offerings, including the ability to use Web-casting technology for training or information purposes. Sometime soon, a standard for sending and saving e-mail might emerge. Until then, the risk is yours. ROBERT REGIS HYLE
The 40th annual RIMS conference and exhibition is scheduled for April 14-18 in New Orleans. More than 400 companies will have products and services on display at the Morial Convention Center. For more information, check out www.rims.org.
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.