Author: Tsakani Stella Rikhotso

By the end of this lesson, learners should be able to:

• Identify the parts of the email message window
• Compose and send an email message
• Receive new email messages

An organisation must take note of certain security considerations of using the internet for transmitting messages in terms of both the environment and its implications to the immediate environment.

1. Computer virus

A computer virus is an unauthorised software program or portion of a program that is introduced into a computer or network. The purpose of a virus is to damage data files, delete data or perform other harmful actions. Depending on the purpose of a particular virus, the reformatting of an infected diskette or hard drive may be the only method of dealing with the virus. This will result in the loss of all the data on the diskette or hard drive.

• Computer viruses are becoming more common and the number of viruses being detected has increased. The downloading or copying of unauthorised software onto employees’ PCs is one of the easiest ways for these viruses to invade a computer or network.

• It is therefore important that the company not permit its employees to download data of whatever nature except possibly to a stand-alone PC set aside for this purpose. Further, all information downloaded onto the PC should be checked with virus scan software, which the company should have. The organisation should accordingly contain stringent rules in this regard to safeguard its data and computer system

2. Encryption

Encryption is the process of disguising, that is, encrypting, a readable communication, into an unintelligible scramble of characters according to some code or cipher. The readable communication is called plaintext. The encrypted communication is called ciphertext. Decryption is the process of converting the ciphertext back to its original, readable form”.

• Most encryption software programs use algorithms and encryption keys. These keys contain a string of zeros and ones of varying lengths. Each character in the string is called a bit. Encryption software combines the message or attachment to be transmitted and the key in a complex mathematical algorithm, resulting in the ciphertext. The longer the bits in the key, the more difficult it is to “crack” the encryption system without the key.

• Given the fact that the Internet is an open network, it is important to remember that if one is going to send messages which are not encrypted; this would be the electronic equivalent of sending postcards, as opposed to the equivalent of sealed envelopes when encryption is used.

• It appears as if encryption software is free to be used by commercial or private organisations (i.e. one does not need a permit from the relevant government department to use it). The situation is governed by the Armaments Development and Production Act.This Act must be read in conjunction with Schedule 1 of the General Armaments Control Schedule. In terms of the Schedule, the South African government controls encryption as a dual-use item. This means that the export of encryption software requires an individual validated licence. While the Act does not specifically include encryption software in its definition of “armaments”, item 8 of the Schedule places controls on the export of military equipment that possesses cryptographic capabilities. Hence, a valid permit is required from the Armaments Control Division for the import of cryptographic equipment for software.

• It is important for South African users to note that the export of encryption software is regulated in many countries.In the United States, these regulations take the form of export controls. The practical effect of this for South African users is that they are not able to use, for example, PGP (Pretty Good Privacy). However, there is an international version of PGP (known as PGPi) which is available for use by South African users.

3. Spam filter

Spam is any kind of email that you don’t want and that you didn’t sign up to receive. Some spam is annoying but harmless, but some might be part of an identity theft scam or other kind of fraud. You can get spam in instant messages, text messages, and on your social networking sites. This information below will help you to reduce spam email.

• Use email software with built-in spam filtering.SmartScreen filter helps reduce unwanted email. It’s built into Microsoft email programs and is turned on by default.

• Add people you know to your safe sender list and unwanted senders to your blocked list.This helps SmartScreen personalize your email experience, to deliver email that you want into your Inbox, and to filter unwanted email into the Junk folder.

• Share your email address only with people you know.Avoid posting your email address on your social networking site, in large Internet directories, and in job-posting websites. Don’t even post it on your own website (unless you disguise it as described below).

• Ignore junk email or IM.Spammers get rich (and build their contact lists, too) when people buy their “products.” So don’t reply to spam (even to unsubscribe), buy anything from an unfamiliar business, give to any “charity” you don’t know by reputation, or agree to hold or transfer money for anyone. Messages that appear to come from Microsoft and that ask for your password or threaten to close your account or expire your password are false.

• Look for pre-checked boxes.When you shop online, companies sometimes pre-select check boxes that indicate you have agreed that it’s fine to sell or give your email address to responsible parties. Be prudent about when to subscribe to email newsletters and about what kind of email messages you are willing to receive. Clear the check box if you don’t want to be contacted.

• Read the privacy policy.When you sign up for web-based services such as banking, shopping, or newsletters, carefully read the privacy policy before you reveal your email address so you don’t unwittingly agree to share confidential information. The privacy policy should outline the terms and circumstances regarding if or how the site will share your information. If a website does not post a privacy statement, consider taking your business elsewhere.

• Disguise your email address.When you post to a message board, newsgroup, chat room, or other public web page, spell out your entire email address, for example, SairajUdin AT example DOT com. This way, a person can interpret your address, but the automated programs that spammers use often cannot.

• Improve your computer’s security.You can greatly reduce your risk from hackers, viruses, and worms if you use a firewall, keep your Windows and Microsoft Office software up to date, and install antivirus and antispyware software and update it routinely.

It is a principle of South African law that an employer can be held liable for a delict committed by its employee, as long as it can be shown that

1. The employee is in fact liable for the delict,
2. That an employer/employee relationship existed at the time the delict was committed and
3. The delict was committed by the employee “in the course and scope of his or her employment”.

This phrase refers to acts committed by the employee in the exercise of the functions to which he/she was appointed, including such acts as are reasonably necessary to carry out the employer’s instructions.

• While South African law recognises that the employer creates a risk that third parties may be harmed by its employees committing wrongful acts in the course of their duties and that it should be liable to compensate people who suffer harm when the risk materialises, the question posed above has not yet been tested in South African courts. The answer will depend on all of the facts and circumstances of the case. The enquiries will include an examination of the nature and content of the e-mail, the employee’s position, title, scope of responsibilities (and perhaps experience), and the nature of the employer (public or private company, close corporation or partnership). Most importantly one should consider whether the offending act was committed in pursuance of the execution of the employer’s business or whether the employee can be said to have engaged in a “frolic of his own”.

• It is important to remember that binding contracts can be concluded by e-mail and an employer could be bound to a contract entered into by the employee for and on behalf of the company if the employee was either authorised to conclude the contract or if the employee’s responsibilities typically included such activities.

• It is also important to remember that the contracting parties need not be human beings, as sale agreements are now commonly being concluded with “electronic agents” online.In addition, when entering into purchase and sale agreements online, it must be remembered that South African Reserve Bank (SARB) exchange controls apply to all residents in South Africa who wish to remit moneys abroad. This applies to payment in respect of goods purchased abroad. South African residents are also required to pay customs duties and VAT on any imported items when they are collected at the point of entry (which is usually the recipients’ local post office).

• E-mail can contain binding “admissions”, just as can regular mail or other documents. Again the determination will turn on authority and scope of employment. To avert this possibility, some companies have taken to suggesting that their employees draft fairly lengthy electronic “signatures” (which are affixed automatically to the end of all e-mail messages) that expressly disclaim the employee’s authority to act for or bind the employer.

• Even if the employee disclaims official connection with the employer (i.e. by stating that “the following are only my opinions, and do not reflect those of my employer”), can the reputation of the employer be adversely affected? Certainly. In most cases, e-mail from company-provided systems will contain routing information that identifies the company’s Internet “domain” (e.g. name-of-your-company.co.za).

• Aware of this possibility, some employees have taken to posting theirscurrilous messages using pseudonyms while trying to remain anonymous. Unfortunately, this is easier to contemplate than to accomplish. Traffic on the Internet is composed of “packets” which may be likened to postcards, carrying a message, an address, and a return address (these are called “IP addresses”).

• Every e-mail message and browser enquiry is conveyed over the Internet in “packet” format, and monitoring software can easily capture the IP address of the sender’s computer. Whether this IP address is sufficient to actually identify a specific individual depends on the sender’s computer configuration and local computer environment (e.g. a corporate intranet or LAN, or dial-up through an Internet service provider or online service provider).

• Again, where the sender uses a corporate direct connection to the Internet, his/her e-mail and browser requests will carry the corporation’s “.co.za” or “.com” imprimatur and will appear to observers to have come fromsomeone in the company. True anonymity is very difficult to attain.

From the above it should be apparent that employees need to be educated in the risks of sending e-mails or browsing the Internet. It often happens that they are horrified to learn that their every move leaves an audit trail (irrespective of whether or not anyone actually is monitoring their exchanges or later decides to review the system logs). After employees have been educated in these points they are much more likely to act with circumspection in their posting and surfing (both official and personal).

Note

• An organisation must have email policies in place so that employees will not misuse the service. Employees should not email confidential information about the company to anyone. If there are no policies in place, an employee can email sensitive and confidential information to friends of competitors- the company can lose its clients because of this act.

• Employees should not be allowed to visit and download information from some sites. Employees can unknowingly download viruses while downloading information from invalid sources. Viruses spread quickly in workplaces as employees exchange and use removable devices like memory sticks. Viruses can damage the system and destroy valuable information in an organisation.