By Katherine Wegert From The Wall Street Journal Online
Jane Terry has done more than her fair share of email policing.
As president of California manufacturer Ajax Boiler Inc., Terry has on two occasions caught employees breaching network security. While testing a new company software system, she stumbled upon a staff member bringing a rival's proprietary information into Ajax's system. Terry spent $6,000 fixing that problem, and hundreds more when a senior manager at the 100-employee company hacked into the network of a former employer, with whom he was involved in a lawsuit.
"We found him reading the HR manager's email," said Ms. Terry. "He was involved in a lawsuit and was probably looking for information on it. It was unbelievable."
Both staff members would have escaped notice if it weren't for a recent upgrade to Ajax's security software. The product, made by SpectorSoft Corp., a Florida company, essentially records everything employees do on their computers: what Web sites they have visited, how long they looked at a site, what emails they have sent, and more.
Nowadays, the greatest risk to company security comes from within, security analysts say. In the past, the threat had been mostly from spammers and hackers. These new threats are prompting companies to take their security measures up a notch. Employers are increasingly relying on advanced software to protect their systems.
Indeed, experts see the market for such security systems growing to $2.8 billion by 2010 from $919 million in 2005.
Even well-meaning employees can cause data-security problems. According to the Privacy Rights Clearinghouse, earlier this year the personal information of 302 households -- including names, addresses, birthdays and family-income ranges -- were posted on a public Internet site several times over a five-month period when employees at the U.S. Census Bureau tested new software while working from home. Employees breaching another company's network -- as in Ms. Terry's case -- also put businesses on the defensive.
A 2005 survey by the ePolicy Institute and the American Management Association polled 526 companies about their monitoring practices: 76% said they monitor Web connections, up from 62% in 2001, and 55% said they also look at email, compared with 47% in 2001.
"Monitoring is becoming more prevalent now than it has been," said Gartner analyst Peter Firstbrook, adding that both the insider threat and compliance issues are driving the growth. "People sending things to themselves or stealing intellectual property is a real concern."
There will always be people who try to beat the system. That is why analysts say that it is important for businesses to keep up with what is new and pick technology that can monitor, filter, block access to inappropriate Web sites and purge emails and instant messaging systems.
"You want to monitor your existing technology, but you need to stay up on what's new, especially if you have a young work force," said Nancy Flynn, executive director of the ePolicy Institute.
Software supplier Clearswift, with about $50 million in revenue a year, sells products that monitor email and Internet connections. Some applications can detect credit-card and Social Security numbers in an email message, a spreadsheet or an attached Word document; others limit accessibility of certain documents to a specific number or group of people.
"We can help stop the outbound threat," said Alyn Hockey, director of product management at Clearswift. "The real key thing about our product is that we can actually create policy rules that let people do their job without making security an inhibitor. We can encrypt mail according to policy and have different roles and responsibilities for managing the system, such as [by limiting access to] business managers and compliance officers."
Websense Inc., with $179 million in annual revenue, has a leak-prevention suite of software that discovers, monitors and prevents sensitive data from leaking out of the organization, either accidentally or maliciously, through common platforms, including email, instant messages, Web mail and network printers.
As monitoring technology becomes increasingly sophisticated and widespread, some argue that employers should respect their workers' privacy.
"Businesses have their concerns, and they're legitimate," said Jeremy Gruber, legal director at the National Workrights Institute. "But what we need is regulation. We need to see companies balance their concerns with their employees' privacy."
Email your comments to cjeditor@dowjones.com.
