- Evaluate all pre-2000, messaging systems; many companies have not upgraded their systems since Y2K, leaving themselves exposed to security risks.
- Formalize a message security policy that outlines acceptable use of corporate email, who owns email communications, and keep users informed on the policies with regular communication and updates.
- Secure access to corporate email by implementing strict password policies, with an 8-digit minimum, non-renewable password, and make sure it's changed frequently. Even better, use 2-factor authentication.
- Layer email security by using a combination of desktop antivirus, multiple server antivirus and content filtering applications. One antivirus is no longer enough. Tackle spam with a centrally managed antispam solution customized for your business and users.
- Encrypt email connections with Virtual Private Network's (VPN) and/or SSL. Never leave corporate email systems open to the public Internet despite the temptation of its convenience.
- Secure the road warriors; make sure wireless and remote users have the same level of security as desktop users without compromising their access. Desktop antivirus, managed personal firewalls and a managed VPN should be standard.
- Monitor email systems and support users 24x7. Ensure administrators are subscribed to multiple security forums and alerts to keep up-to-date on security incidents and vulnerabilities as they happen.
- Evaluate the expertise and security model of any outsourcer or email systems product your company is considering. Ask about antivirus and antispam systems, support models, infrastructure, redundancy, data center storage, back-ups, connectivity, and encryption.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.