What are the most significant e-mail security threats and how do you deal with them?
E-mail security threats can be classified in to categories: inbound and outbound. Inbound threats come into the shape of viruses and malware, spyware, attachment spam, spam e-mail that redirect users to phony websites, phishing scams, e-mail exploits and so on. To deal with these threats, companies need to take the following steps:
- Install anti-spam and anti-phishing software. An effective product will use various technologies to deal with spam and its derivatives such as image spam, MP3 spam, Excel spam and NDR spam, for example.
- Install anti-virus software at server level and implement strict content filtering policies across the organization. The use of multiple anti-virus engines is recommended.
- Educate employees on the use of e-mail and how to treat suspicious e-mails. The basic message should be: if you don’t know who sent the e-mail and you were not expecting any attachments don’t open it. Getting this message across will reduce the risk that an employee will open a link or divulge information he or she should not give out.
- Employees should be told not to use their work e-mail address for personal business, to open accounts on social networking sites etc. By restricting the use of work e-mail addresses to business communications, you can lower the risk that corporate e-mail addresses will find their way onto spam lists.
Companies should not ignore the threat posed by insiders. Data leakage of important and confidential information can occur if an employee mistakenly sends an e-mail to the wrong person, or intentionally e-mails the material to third parties for personal gain or with malicious intent. This threat can be greatly reduced if companies implement content filtering policies that restrict what can be sent out by e-mail.
In your opinion, should we encrypt all business e-mail?
Encryption is but one tool to protect business e-mail. While it will protect the contents of an e-mail from prying eyes and those who are not authorized to review that content, it will not protect the company from insiders sending out confidential material without permission (unless steps to prevent this are already in place). Encryption alone is not the solution.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.