E-mail exposure: Is your company liable?
Watch out! You may be responsible for gremlins in your corporate e-mail.
Computerworld - Brace yourself: You could be legally responsible for worldwide network security. OK, that may be an overstatement, but it does capture the essence of what's ahead. Companies that pass viruses, worms or any type of malware to other companies via electronic transmissions such as e-mail could find themselves in court, say legal and security experts. And they could be held liable for damage done, even if they unintentionally spread such cyberpests.
"There's very little question that it's going to come. The concept of due diligence has done nothing but push its way out into the consciousness of everyone in this country," says Charles Hibnick, chief systems security architect at AvMed Health Plans Inc., a health insurance company in Miami.
The stage is being set for such action, experts say. Federal laws, government agencies and private organizations are setting new standards for network and Internet security. Meanwhile, lawyers are testing various legal theories for punishing cyberspace criminals. And some companies with established relationships are signing contracts detailing security expectations that prohibit even the accidental transmission of malware.
Given all this, can litigation be far off?
"I do think we are looking at this type of litigation in the future. And I think it's going to happen sooner rather than later," says Rodger Cole, a litigation partner at Fenwick & West LLP in Mountain View, Calif.
Image Credit: Emmanuel Kerner
Some cases involve companies inadvertently releasing viruses, worms and the like, she says. Others involve contractual liability in situations where companies had agreements to keep systems secure. Davis says these cases haven't wound up in court - yet - because executives prefer to avoid the media spotlight on such issues.
"You certainly have claims. What people usually do is turn it against their own corporate insurance policies," she says, adding that traditional policies generally won't cover such claims, however.
Given the state of electronic communications, the potential for getting into trouble is staggering.
"If you're operating on the Internet today, there is some level of constant attack activity," says Art Manion, an Internet security analyst at the CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute.
Viruses, worms, Trojan horses, botnet zombies, distributed denial-of-service attacks, hacking, blended threats -- they're all out there, and many can hitch rides with e-mails and electronic transmissions, including instant messages.
"We're up to
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Planning for Mobile Success Many organizations are seeing clear and quantifiable benefits from the deployment of mobile technologies that provide access to data and applications any time,...
- The Challenges and Opportunities of Mobile Application Development Nearly all business users now demand mobile devices--their own or company-owned--along with anywhere access to corporate applications and data. What turns mobile devices...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Gov't Legislation/Regulation White Papers | Webcasts