Magazine article The CPA Journal

Computer Monitoring and Surveillance

Article excerpt

Balancing Privacy with Security

Information security and employee privacy are important issues facing all organizations. The market for e-mail monitoring software will grow significantly in the next five years, from $139 million in sales (2001) to $662 million (2006), according to International Data Corp. (IDC). Federal legislation mandates that companies actively safeguard personal information. Standards established by the Federal Trade Commission (FTC) focus on maintaining the security and confidentiality of personal records and information, protecting against internal and external threats to the security or integrity of such records, and protecting against unauthorized access or use of personal records.

Whereas past information security efforts centered on protecting systems from external threats (e.g., computer hackers), the risk of internal threats to personal information has spawned both new legislation and new market opportunities. Content and information security services is a burgeoning market that IDC predicts will exceed $23.5 billion by 2007, with a yearly growth rate of 20.9%. This represents a huge opportunity for CPA firms that offer systems consulting, fraud consulting, or assurance services. Moreover, CPA firms must also determine the extent of their own compliance with information protection laws.

Content Security

Content security involves using electronic means to monitor the transmission and storage of data over a company's network. Content-filtering software can stop spam, scan attachments for inappropriate language, block dangerous attachments, stop intellectual property breaches, quarantine questionable messages or embedded images, and notify systems managers when policies are violated. The potential costs of litigation from adverse network practices underscore the importance of content security. Thomas Shumaker II, an expert in labor and employment law, believes that "CPAs have a duty to take reasonable steps to protect both their employees and their clients. Don't be afraid to monitor the workplace." Shumaker thinks it is critical for companies to realize that they are legally liable for all transmissions within their networks. In one recent incident, reported by The New York Times, a sexual harassment suit cost Chevron $2.2 million because an employee sent coarse messages over the company e-mail system.

Employee monitoring is one component of BDO Seidman, LLP's critical antifraud procedures (CAP) program. Carl Pergola, national director of BDO's CAP, states that "it is essential for organizations to monitor employees" in order to comply with federal mandates such as the Gramm-Leach-Bliley Act. The content security approach of their CAP program recommends monitoring servers, back-ups, e-mail, and Internet activity, as well as conducting random computer forensics on employee computers. Pergola acknowledges that employee surveillance and monitoring is only one part of a comprehensive program that may also include background investigations, interviews, and fraud education.

Developing an information security strategy that involves employee monitoring requires that the information risks and system controls of an entity are understood. Any strategy requires the implementation of surveillance tools and the development of a monitoring policy that effectively reduces risk and demonstrates compliance with federal laws. A comprehensive content security policy focuses on four areas tailored to the needs, resources, and goals of individual organizations: prevention, detection, investigation, and reporting.

Prevention

Prevention is the main component of an information security strategy. It includes a clearly written and readily available corporate policy that defines information security principles, establishes acceptable and unacceptable practices, outlines criminal offenses, and describes disciplinary actions.

Monitoring is an effective deterrent and detection technique within an overall content security strategy. …
