Common Illegal Uses Of Corporate Email

by Paul Rudo on 13/02/12 at 7:21 pm

Because emails are such an essential business tool, and because of the fact that emails are the single greatest repository of official business documents, it’s very common for employees to commit illegal acts using corporate emails. And when this happens, the organization can often land in trouble.

Below, I’ve outlined some of the most common unlawful activities which take place using corporate email.

An employee could use corporate email to transmit information or intellectual which does not belong to them. This could include distribution of copyrighted materials, leaking of confidential company information or industrial espionage.
Information transmitted might contribute to a hostile working environment, and the company could end up in legal hot water as a result. This is especially true of racist or sexually inappropriate emails.
The corporate email account could be used to distribute unsolicited spam emails. Not only would this action get the company blacklisted from ISPs and Spam filters, but the company could also suffer negative legal consequences.
An employee could encrypt their messages, making them irretrievable without the authorization of the original sender. This would potentially violate the company’s obligations regarding email retention and electronic disclosures.
An employee could forward an email message without the authorization of the original sender. This could violate the expectation of privacy and confidentiality of the original sender.
And employee could send sensitive information to a third party, without including the appropriate legal disclaimers about how this information should be treated.
Because of the simple and insecure nature of SMTP, it’s fairly easy for just about any programmer to forge or “spoof” an email. Forged emails can be used to slander a company and conduct business which was not authorized by the organization. Spoofed emails are also a common tool in “social engineering” hacking attacks.
An employee might conduct official company business using an email account which isn’t controlled by the organisation. When this happens, the company loses control over their internal business communications, and they also lose the ability to meet their email retention and electronic discovery obligations.
An employee might send out threatening or harassing emails to another individual using their corporate email account.
Employees might commit financial crimes by disclosing non-public insider information about the organization to unauthorized parties.
An employee might attempt to delete an email which the organization was legally obligated to retain.
An employee might make unauthorized promises on behalf of the company through official company communications channels. If an employee promises an unauthorized discount to a client, the organization might be legally obligated to follow through on this promise.
If an email account is hacked, this account could be used to commit crimes against others or distribute malicious code which would harm their systems.
Corporate email accounts could be used by internal employees in order to commit fraud against the company or external individuals.
An individual might use the corporate email account in order to slander or defame a competitor, customer or co-worker.

Your company needs to be extremely careful when it comes to employee use of corporate email. Set up detailed policies and train your employees to follow those policies. Also, make sure to take immediate actions when those policies are violated, and have controls in place to prevent and detect misuse.

Do you know of any other ways that corporate email can be unlawfully misused? Leave a comment below and let us know.