Risky, because users commonly violate corporate, legal and regulatory policies when using email: they send credit card numbers and other financial information in clear text, violating laws designed to protect consumers. They send employees’ healthcare-related information via clear-text email in violation of HIPAA requirements. They sometimes send confidential information to hundreds or thousands of people when they intended it for only one recipient. They send sensitive information to the wrong parties. They send large attachments to thousands of employees or customers, choking network bandwidth.
To address these problems, it’s essential that organizations manage and investigate them proactively. IT and others must be able to set alerts to look for unusual behavior in email traffic. They need the ability to analyze email traffic after the fact as part of forensics investigations. They need to identify users who need additional training on email best practices or who might be intentionally violating corporate, legal or regulatory policies. In short, every organization needs a way to eliminate the risk from the single most important communication and collaboration platform they manage.