No one can deny the positive impact email has had on the way we conduct business. From rapid communication to dramatic increases in efficiency, the list is endless with ways that email has helped companies expand into giant multinational corporations. Yet, something that will not appear on that list is security, or rather the lack thereof. Whether if it be an unintended attachment or a misguided email address, employees have the ability to completely cripple their company’s reputation with one click of a button. Here's a scary example:
In 2008, an outside lawyer for the pharmaceutical giant, Eli Lilly, sent an email to an associate detailing a $1.42 billion dollar settlement with the Federal government as punishment for a misguided marketing campaign for one of their best-selling products, Zyprexa. The only thing is, the email wasn’t sent to an associate. It was sent to a New York Times reporter with the same last name as the intended recipient. A simple mistake? Yes. Simple consequences? Not really.
The email disclosed the largest settlement ever paid by a pharmaceutical company for breaking the Federal government’s laws on drug promotion, as well as a brief discussion of possible criminal charges the company would be facing.
According to Katherine Eban at Portfolio.com, “Those who knew the real story must have had a chuckle—or shed some tears—over Lilly's statement to the Times that it had ‘no intention of sharing those discussions [with the government] with the news media and it would be speculative and irresponsible for anyone to do so.’’’
The truth is, Eli Lilly is not the only company to fall victim to the consequences of loose email security. Chevron, AstraZeneca, and even Bill Gates have all had emails cost them legal or financial strongholds in their respective industries. In fact, in a 2007 survey conducted by Forrester’s consulting department it was discovered that “of those surveyed (308 IT professionals at U.S. enterprises with more than 1,000 employees) a third had investigated emails that they believed had leaked confidential data in the past year.” However, I did not write this post to enlist scare tactics and fear.
Emailing sensitive corporate information can lead to drastic consequences, all of which can be avoided by using secure and protected means of storage and communication. Email will always be an effective way to communicate but when dealing with sensitive or confidential documents, virtual data rooms should be a requirement.